NIST Security Framework

Risk Management Framework NIST SP 800-18 System Security Plan intro

This is an introduction to the NIST Special Publication 800-18, System Security Plan. We walk through why you need a System Security Plan and some of the main elements of the System Security Plan.


IT Security Career Risk Management Framework

So you want to get into Information Technology? Well, what do you want to do in IT? There are many different branches of it. I would suggest going into IT security, specifically the Risk Management Framework. It is a very specialized field.

You will need to know the fundamentals of IT security: the basics of what goes into securing important data and its hardware. You will also need to have at least a little knowledge of technology and its history. You will need to know a LOT about NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems”. You will need to dive into NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations”.

Since not many people want to do this work, or even know about it, there is not much competition. Employers are always looking for qualified people to do it. What you will need is a 4-year degree (preferably in something technical), an IT certification in security (Security+, ISC2 CAP, CISSP, CASP, CISM, CISA) and a lot of knowledge of NIST SP 800-37.

 


DoDD 8140 Cyberspace Workforce Management

What is the DoD Directive 8140?
DoD 8140, Cyberspace Workforce, will supersede DoD 8570 as the guide for selecting personnel with the correct certifications, skills and experience.

Where is the DoDD 8140.01, Cyberspace Workforce, going?
The 8140 manual may mirror an ongoing initiative that has a lot more categories. Those high-level categories would be under the National Initiative for Cybersecurity Education (NICE) framework:

Security Provision, Maintain and Operate, Protect & Defend, Analyze, Operate & Collect, Oversight & Development, and Investigate.

These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.

http://diarmfs.com
niccs.us-cert.gov


Cybersecurity Workforce Framework APP (part 1)


App now available on the app store

We are working on an app that will allow quick navigation of the National Cybersecurity Workforce Framework version 2.  It will be pretty simple for now.

Version 1.x features will include:

  • All Categories mapped to Special Areas
  • All KSA
  • All TSA

In future versions we will include certifications that apply to each Special Area.  I am waiting for DoDD 8140 because I think it will match up with National Cybersecurity Workforce Framework version 2.


Risk Management Framework (RMF) for DoD Information Technology (IT)

Cybersecurity and RMF

The Risk Management Framework (RMF) Knowledge Service is DoD CIO’s authoritative source for implementing the RMF and DIACAP: https://rmfks.osd.mil/ *not a public site*

DoD RMF Documentation:

The DoD RMF is based on DoDI 8500.01, Cybersecurity, and DoDI 8510.01, Risk Management Framework (http://iase.disa.mil/rmf/Pages/guidance.aspx).

DoDI 8500.01 – Cybersecurity
This DoD Instruction replaces the previous Information Assurance (IA) guidance under DoDD 8500.01, November 21, 2003.

DoDI 8510.01 – Risk Management Framework (RMF) for DoD Information Technology (IT)
This DoD Instruction replaces the previous DIACAP guidance under DoDI 8510.01, November 28, 2007.

 


These policies refer to the NIST 800 series, specifically NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, and NIST SP 800-53 rev 4, Security and Privacy Controls for Federal Information Systems and Organizations.

CNSS RMF Guidance:
CNSSI No. 1253: go to the CNSS home page and select “Instructions” from the Library drop-down.
Security Categorization and Control Selection for National Security Systems – This document replaces the previous version dated 3 March 2012. Overlays are now Appendix F vice K.
