Blog
Anyone who has ever used the Risk Management Framework (RMF) in two or more different organizations can attest to how dynamic RMF, Security Plans, and Plans of Action and Milestones (POAMs) are. They are so dynamic, in fact, that no two organizations utilize them the same. That’s one of the things that Information Assurance professionals...
The foundation of risk-based cybersecurity using the Risk Management Framework (RMF) is designing, developing and deploying resilient systems. Resilient systems have the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on your information resources. One of the most important steps toward cyber resilience is practicing good cybersecurity hygiene,...
Developing a System Security Plan (SSP) and ATO decision support package can be a daunting challenge especially as you move mission critical applications to the cloud. One way to expedite the process and benefit from the lessons learns of those who went before you is to leverage the Provisional Authority to Operate (P-ATO) documents available...