NIST 800-53

Convocourses Podcast: RMF Course Updates New & NIST-53a

February 4, 2021 by cyberaware2 Leave a Comment

There are some updates to the RMF Courses and many more to come.

0:00 blank intro
0:40 Start of convocourse podcast
1:43 Helping with Master Degree on Nist RMF
2:38 Complete Course of NIST RMF
5:45 RMF NIST Course as an Audio file
7:40 RMF NIST Security Control Interpretation
11:40 ISSO lean to Support the team
15:52 Cannot get an ISSO Job
17:34 Security Control Family Interpretation
21:57 NIST RMF 800 and Privacy added
29:15 illegal pricing
31:33 ISC2 CAP vs ISSO work

Podcast: Play in new window | Download

cybersecurity compliance project manager alexandia VA job

February 22, 2020 by cyberaware2 Leave a Comment

check out the courses:
http://convocourses.com

Job Title: #Cybersecurity #Compliance Project Manager
Job Location: Alexandria, VA, US
Project Length: Long Term

Clearance Requirement: Active Secret clearance.

Key Role:
Serve as a Task Lead responsible for the creation of a Cybersecurity Governance, Risk, and Compliance (GRC) team assessment program for a DoD organization. Design, develop, and implement the assessment program independently to measure Cyber GRC metrics, determine readiness for audits and inspections based on DoD policies and NIST standards, identify risks, and provide automated remediation plans. Work to improve communication and enhance the organization’s security posture through risk assessment preparation. Perform blind, non-punitive readiness assessments for organizational units to provide a preparatory remediation plan for upcoming inspections. Measure the effectiveness of the GRC programs and provide leadership with an unfiltered view of the organization’s security posture, measuring the balance between its objectives and risk profile. Recommend strategic enhancements and structural improvements for a compliance division.

Basic Qualifications:
10+ years of experience with Cybersecurity.
Ability to design, develop, and manage the implementation of risk assessment process methodology and tools, including eMASS.
Ability to communicate effectively and professionally in a fast-paced client-environment.
BA or BS degree in a Technology, IT, or Cybersecurity field.
DoD 8140 and 8570 IAM level II Certification.

Additional Qualifications:
Experience with GRC and assessment processes.
Experience with DoD 8500 series, NIST SP 800 series, DoD regulations, and instructions, including DoDI 8140-01, DoDI 8530.01, CJCSI 6510.01, and the Risk Management Framework (RMF).
Experience with briefing senior government officials at the General Officer and SES-levels.
PMP Certification.

Direct: 703-653-0218
karthik@param-solutions.com
https://recruiting-as-a-service.param…

https://param-solutions.com/careers

NIST SP 800-53, Revision 5 Security Controls for Information Systems and Organizations – 1 overview

September 5, 2018 by cyberaware2 Leave a Comment

NIST SP 800-53, Revision 5 Security Controls for Information Systems and Organizations – 1 overview

To download the slide go to:
https://securitycompliance.thinkific.com

NIST Special Publication 800-53, Revision 5
Security and Privacy Controls
Final Public Draft: October 2018
Final Publication: December 2018
Source: https://csrc.nist.gov/projects/risk-m…

NIST Special Publication 800-53A, Revision 5
Assessment Procedures for Security and Privacy Controls
Initial Public Draft: March 2019
Final Public Draft: June 2019
Final Publication: September 2019

There are 6 major objectives for this update—
-Making the security and privacy controls more outcome-based by changing the structure of the controls;

-Fully integrating the privacy controls into the security control catalog creating a consolidated and unified set of controls for information systems and organizations

-Separating the control selection process from the actual controls: systems engineers, software developers, enterprise architects; and mission/business owners

-Promoting integration with different risk management and cybersecurity approaches and lexicons, including the Cybersecurity Framework

-Clarifying the relationship between security and privacy to improve the selection of controls necessary to address the full scope of security and privacy risks

Risk Management Framework (RMF) for DoD Information Technology (IT)

March 30, 2015 by Bruce Brown Leave a Comment

The Risk Management Framework (RMF) Knowledge Service is DoD CIO’s authoritative source for implementing the RMF and DIACAP: https://rmfks.osd.mil/ *not a public site*

DoD RMF Documentation:

The DoD RMF is based on DoDI 8500.01, Cybersecurity and DoDI 8500.01, Risk Management Framework (http://iase.disa.mil/rmf/Pages/guidance.aspx).

DoDI 8500.01 – Cybersecurity
This DoD Instruction replaces the previous Information Assurance (IA) guidance under DoDD 8500.01, November 21, 2003.

DoDI 8510.01 – Risk Management Framework (RMF) for DoD Information Technology (IT)
This DoD Instruction replaces the previous DIACAP guidance under DoDI 8510.01, November 28, 2007.

Cybersecurity and RMF

These policies refer to the NIST 800 series. Specifically, NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems and NIST SP 800-53 rev 4, Security and Privacy Controls for Federal.

CNSS RMF Guidance:
CNSSI No. 1253 for CNSS Home page and select “Instructions” from Library drop down.
Security Categorization and Control Selection for National Security Systems – This document replaces previous version dated 3 March 2012. Overlays are now Appendix F vice K.