ICD 503 Implementation in RMF Step 3 Part 2


ICD 503 implementation in RMF Step 3 can be a little tricky, and I wanted to post a little bit about some additional things to look for in this step. The key thing to realize during this step is that you are explaining to your customer how you are going to implement the…


Getting Started With ICD 503 RMF Step 3 Part 1


Before we step into probably the most difficult part of the RMF process, I want to talk about some of the things that you want to be aware of. First, after RMF steps 1 and 2 you should know by now that this entire assessment and authorization process is not about implementing every single security…


ICD 503 Continuous Monitoring: How to Meet the Requirement

Ah, ICD 503 continuous monitoring – is there anything in this world that is more ambiguous and misunderstood? I’m pretty sure there isn’t, but hopefully in this post you’re going to get some answers to the many questions that people have when it comes to developing an ICD 503 continuous monitoring strategy (you begin…


RMF Step 2 Selecting Your Controls (ICD 503 SSP Included)

One of the easiest of all the risk management steps is step two. This is where you are going to be selecting your controls based on the capabilities of your system and what it’s going to be used for. Essentially, what happens during this step is that all of the controls that were generated…


RMF Step 1 – Categorizing the Information System (legacy system version)

ICD 503 Legacy

Now don’t get freaked out. I know the transition to the ICD 503 and risk managed framework can seem very complicated. This is especially true when you are trying to get systems that were originally accredited under the DCID 6/3. Change is hard, and it always seems that the new process is a more difficult…


Intro to the Six Step Risk Management Framework for ICD 503

One of the things that you need to understand intimately is the risk managed framework. It is the key to everything when it comes to the ICD 503. No matter what ICD 503 training you take, if they are not focused on helping you to understand, implement, and communicate the risk managed framework to your…


ICD 503: Thinking Out The Whole System Strategically

Before we get into the actual risk managed framework, there’s one big concept that needs to be talked about. You see, in past compliance documentation such as the DCID 6/3 and JAFAN 6/3, the primary focus was implementing security controls. While that’s great, it’s not looking at the big picture. Now with the ICD 503…


Certification and Accreditation Part 2

In the last post, we talked about the CIA Triad (confidentiality, integrity, and availability). In this article we are going to go over the impact levels in the ICD 503. A small change in terminology: In the DCID 6/3, there were three types of levels of concern. Depending on the confidentiality, integrity, and availability…


Certification and Accreditation Part 1

Alright, so accreditation and certification under the ICD 503 is generally similar to the process the DCID 6/3, and its counterpart the JAFAN 6/3, used to determine whether an information system had the appropriate security controls in order to operate. However, there are some differences in mindset as well as implementation when it comes to accreditation.…


Risk management in the new security methodology

Alright, let’s talk about one of the most important things that you need to understand when it comes to ICD 503 training. In the past, the focus was on absolute and rigid security for computer systems. Well, that way of thinking has gone the way of the dinosaur. With the constant change in technology and…

