Risk Management For DoD IT

Risk Management For DoD ITSTIGS

STIG Update – Google Chrome Browser STIG, V1R7

chrome DISA STIG

STIG Update –¬†Google Chrome Browser STIG, V1R7

DISA has updated the Google Chrome Browser STIG Version 1 Release 7. The requirements of the STIG become effective immediately. The STIG is available on IASE at http://iase.disa.mil/stigs/app-security/browser-guidance/Pages/browser-guidance.aspx.


read more
cyberspace workforceDIARMF Jobsrisk jobsRisk Management For DoD ITroles

Security Roles and Responsibilities

no thumb

There are hundreds of different roles & responsibilities in the IT Security career field alone. Here are some of the common types that I have seen:

Information System Security Manager – coordinate with the system owner and the information system security officer to ensure security is on the systems.
Information System Security Officer – coordinate with management and system administrators to implement system security controls. Ensures security controls are tracked and documented.
System Administrator – applies technical functionality and security on information systems.
Architect – assists in the design of enterprise information systems.
Security Analyst – review the logs of information systems to determine if there are any malicious activities happening.
Auditors – review the information systems to make sure the security controls are applied, documented and continuously monitored.

read more
cyberspace workforceDIARMFInformation AssuranceNIST Security Frameworkrisk jobsroles

IT Security Career Risk Management Framework

no thumb

So you want to get into Information Technology? Well what do you want to do in IT because there are many different branches of it. I would suggest going into IT security, specifically, Risk Management Framework. It is a very specialized field.

You will need to know the fundamental of IT security. The basics on what goes into securing important data and their hardware. You will also need to have at least a little knowledge of technology and its history. You will need to know a LOT about NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems”. You will need to dive into NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations”.

Since not many people want to do this work, or even know about it, there is not much competition. They are always looking for qualified people to do it. What you will need is a 4 year degree (preferably in something technical), an IT certification in security (Security+, ISC2 CAP, CISSP, CASP, CISM,CISA) and a lot of knowledge on NIST 800-37.


read more
certification & accreditationDIACAPDIARMFDIARMF ProcessRisk Management For DoD IT


no thumb

There are differences between the old DIACAP (being phased out), DoD RMF for IT and NIST RMF. What is “DIACAP”? It stands for Department of Defense Information Assurance Certification & Accreditation Process and it is based on the old DoDI 8510.01 and DoD 8500 documents. The process was designed to make absolutely sure federal systems have security on them.

With the constant exponential evolution of information technology this process has had to change to keep up with the times. DIACAP is being replaced with DoD Risk Management Framework for Information Technology (DoD RMF for IT). This process has more granularity, more detailed, more frequent and covers many new technology that was not covered by DIACAP. DoD RMF for IT is actually based fundamentally on NIST SP 800-37, Risk Management Framework.



read more
certification & accreditationDIACAPDIARMFInformation AssuranceRisk Management For DoD IT

What is Risk Management Framework NIST 800 37

diarmfs cyber security

Risk Management is being aware of and taking actions to prepare for probable unfavorable outcomes.

Risk Management Framework is a process the implement risk management in an organization.

There are (6) steps to the RMF:
1. Categorize
2. Select
3. Implement
4. Assess
5. Authorize
6. Continuous Monitoring

More on the Risk Management Framework Steps here:

risk management framework steps

read more
diarmf - implementRisk Management For DoD ITSTIGS

STIG Update – DISA has released the following IAVM packages


STIG Update – DISA has released the following IAVM packages

DISA has released the following IAVM packages:

AIX 6.1 Ver 1, Rel 22
Apple OS 10.10 Workstation Ver 1, Rel 11
Apple OS 10.8 Workstation Ver 1, Rel 15
Apple OS 10.9 Workstation Ver 1, Rel 12
BlackBerry 10 OS Ver 1, Rel 13
Cisco IOS Ver 1, Rel 13
HP-UX 11.31 Ver 1, Rel 22
MAC OS X 10.6 Ver 1, Rel 22
Oracle Linux 5 Ver 1, Rel 15
Oracle Linux 6 Ver 1, Rel 15
RHEL 5 Ver 1, Rel 22
RHEL 6 Ver 1, Rel 20
Solaris 10 SPARC Ver 1, Rel 22
Solaris 10 x86 Ver 1, Rel 22
Solaris 11 SPARC Ver 1, Rel 15
Solaris 11 x86 Ver 1, Rel 15
Windows 7 Ver 1, Rel 20
Windows 8 and 8-1 Ver 1, Rel 20
Windows 2008 R2 Ver 1, Rel 20
Windows 2008 Ver 1, Rel 20
Windows 10 Ver 1, Rel 6
Windows 2012 and 2012 R2 Ver 1, Rel 18
Windows Vista Ver 1, Rel 20
zOS Ver 6, Rel 27

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

read more
1 2 3 12
Page 1 of 12