• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs

rmf implementation

Implementation of security controls resources part 1

March 3, 2021 by Leave a Comment

What do you use to implement security controls?
First of all, implementation of security controls means to put security on your server, workstations or other information systems. The best guidance is where ever you can get it from. Your organization may provide resources to you. This could be process and procedures. You can also use security implementation guides https://public.cyber.mil/stigs/
But probably the best and most comprehensive source of implementation guidance is from the vendor of the system or OS you are using. For Cisco router security implementation they have guidance on Cisco.com (for example). Cisco probably won’t call them “security controls” but if you know you need to update the IOS, you would search their site for how to update the IOS and what is the most current IOS for your internetwork device.

Filed Under: diarmf - implement, STIGS Tagged With: implementation, rmf implementation, stigs

Best Practices Guide for Department of Defense Cloud Mission Owners

August 18, 2015 by Bruce Brown Leave a Comment

DISA has released “Best Practices Guide for Department of Defense Cloud
Mission Owners” which is available at
http://iase.disa.mil/cloud_security/Pages/index.aspx

This site provides a knowledge base for cloud computing security processes and cloud service provider (CSP) security requirements.

DISA has developed the following DRAFT documents related to Cloud Computing Security and the use/integration of Cloud Computing in DoD which are available for community review and feedback/comments:
• Draft Cloud Computing Security Requirements Guide (SRG), Version 1 Release 2
• Draft Cloud Access Point (CAP) Functional Requirements Document (FRD) V2.2
• Draft Concept of Operations (CONOPS) for Cloud Computer Network Defense (CND) v1

The Draft documents and a Comment Matrix for each (in a .zip file) are available below.

Please provide comments by COB 22 August 2015 on the Comment Matrix associated with each document via one unclassified email for each comment matrix to:
disa.letterkenny.re.mbx.stig-info@mail.mil

Please Note: It is critical that each comment matrix is returned in a separate email with the subject line stating “[Your organization] Comments for [document title]” so we can distribute the comment matrices to the appropriate team for each document and easily identify the source.

 

Filed Under: diarmf - implement, STIGS Tagged With: cloud, implementation, rmf implementation, STIG

SCAP Compliance Checker SCC)

March 13, 2014 by Bruce Brown 3 Comments

SCAP Compliance Checker SCC Tool 3.1.2

 

SCAP Compliance Checker SCC
SCAP Compliance Checker (SCC)

SPAWAR Systems Center Atlantic has released an updated version to the SCAP Compliance Checker SCC Tool.  The updated features include recent DISA STIG content for both Windows and Red Hat systems and NIST USGCB patch content.  In addition, several defects have been resolved in the 3.1.2 release.

SCAP Content
+ AIX
+ Dot Net Framework
+ Google Chrome
+ HP-UX
+ Internet Explorer Benchmarks
+ Red Hat
+ Solaris
+ Windows 8 Benchmarks
+ Windows 2008 R2 Benchmarks
+ Windows 2008 Benchmarks
+ Windows 2003 Benchmarks
+ Windows 7 Benchmarks
+ XP Benchmarks
+ Vista Benchmarks
+ Audit
+ SCAP Tools

The SCAP Tools are located at http://iase.disa.mil/stigs/scap/index.html#scc

 Security Content Automation Protocol (SCAP) Windows Benchmarks

DISA Field Security Operations (FSO) is releasing updated automated compliance benchmarks for Windows Operating Systems outside of the normal quarterly release schedule.  The latest benchmarks will correct a problem with importing the content into the HBSS Policy Auditor tool. The Benchmarks are located at http://iase.disa.mil/stigs/scap/index.html

 

More on the feature of SPAWAR SCAP Compliance Checker SCC Tool:

Primary Features:

  • No per seat license costs for Federal government/contractor computers
  • Performs compliance scanning using SCAP content
  • Performs vulnerability scanning using OVAL content
  • Performs manual interview checks using OCIL content
  • Creates XCCDF XML results
  • Creates OVAL XML results
  • Creates ARF XML results
  • Creates Cyberscope Autofeed XML results
  • Creates HTML and text based single computer reports
  • Creates HTML and spreadsheet based multi-computer summary reports
  • Allows for installation of custom SCAP and OVAL content
  • Allows for automatic downloading of updated patch content from Internet/Intranet
  • Allows for organizational deviations
  • Allows for organizationally defined compliance thresholds
  • Has graphical and command line interfaces
  • Native executables per platform (no runtime requirements such as Java

Filed Under: diarmf - implement, RDIT, Risk Management For DoD IT Tagged With: diarmf - implement, rmf, rmf assessment, rmf implementation, SCAP Compliance Checker, scap compliance tool, scap tool, scc

Primary Sidebar

search


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Cybersecurity Jobs Resume Marketing: Book 1 Find Cybersecurity jobs
  • Security Control Assessor (SCA) Methods table top exercise
  • Cybersecurity Pro opinion about Tiktok
  • Las Vegas teleworking
  • STIGS in the RMF Process

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce HBSS IA implement implementation info assurance information assurance information security ISSO it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book

Copyright © 2023 · Author Pro on Genesis Framework · WordPress · Log in