
02. Understanding the DoD Risk Management Framework (RMF)

Introduction to the DoD RMF

  1. What is the RMF?
    • The Risk Management Framework (RMF) is the Department of Defense’s (DoD) structured approach for managing and reducing risks associated with IT systems.
    • It replaces the previous DIACAP process, focusing on a consistent, enterprise-wide risk management method.
  2. Objectives of the RMF:
    • Governance and Oversight: Ensures all cybersecurity policies are followed.
    • Risk-Based Decision Making: Supports informed decisions on managing cybersecurity risks at all organizational levels.
    • Continuous Improvement: Encourages ongoing assessment and enhancement of cybersecurity measures.

Transition from DIACAP to RMF

  1. Shift in Approach:
    • Transition from compliance-focused (DIACAP) to risk-based decision-making (RMF).
    • Focus on protecting confidentiality, integrity, and availability of information.
  2. Key Changes:
    • Security Objectives: Emphasizes CIA (Confidentiality, Integrity, Availability).
    • Guidelines and Terms: Uses standards like NIST SP 800-53.
    • Lifecycle Management: Continuous monitoring and updating of security throughout the IT system’s lifecycle.

RMF Governance Structure

  1. Tiered Governance Model:
    • Tier 1 - Organization Level:
      • Strategic oversight and guidance.
      • Key Roles: DoD Chief Information Officer (CIO) and Senior Information Security Officer (SISO).
    • Tier 2 - Mission/Business Processes Level:
      • Addresses mission-specific risks.
      • Key Roles: Principal Authorizing Official (PAO), DoD Component CIO.
    • Tier 3 - Information Systems Level:
      • System-level risk management.
      • Key Roles: Authorizing Official (AO), System Cybersecurity Program Managers, Information System Security Officers (ISSOs).

Key Concepts in DoD RMF

  1. Applicability:
    • RMF applies to all DoD-owned or controlled IT systems, including special access programs, R&D IT, and contractor IT systems.
  2. DoD Information Technology Categories:
    • Information Systems (ISs): Major applications and enclaves.
    • Platform IT (PIT): Systems like weapon systems, medical devices, and industrial control systems.
    • IT Services and Products: Software, hardware, and services provided internally or externally.
  3. Security Controls:
    • Based on NIST SP 800-53 and CNSSI 1253.
    • Controls tailored according to CIA requirements.

RMF Knowledge Service

  1. Purpose:
    • Web-based resource for RMF implementation guidance, templates, and best practices.
    • Collaboration space for cybersecurity professionals across the DoD.

Key Steps in the RMF Process

  1. Step 1: Categorize System
    • Categorize all DoD information systems (ISs) based on confidentiality, integrity, and availability.
    • Document categorization in the Security Plan using CNSSI 1253 guidance.
  2. Step 2: Select Security Controls
    • Choose security controls from NIST SP 800-53 based on system categorization.
    • Tailor controls as needed for specific security needs.
  3. Step 3: Implement Security Controls
    • Deploy controls as per the cybersecurity architecture.
    • Document implementation in the Security Plan.
  4. Step 4: Assess Security Controls
    • Evaluate the effectiveness of the controls.
    • Document findings in the Security Assessment Report (SAR).
  5. Step 5: Authorize System
    • The Authorizing Official (AO) reviews the Security Assessment Report (SAR).
    • Based on the residual risk, the AO decides whether the system may operate or must first be remediated.
  6. Step 6: Monitor Security Controls
    • Continuously monitor and update the Security Plan.
    • Ensure security posture remains effective through regular assessments.

Supporting Tools and Resources

  1. Control Overlays and Policy Comparisons:
    • RMF Knowledge Service offers tools to apply overlays and compare policies to align with system requirements.
  2. Advanced Policy Search:
    • Facilitates finding specific policy information to ensure alignment with DoD requirements.

Understanding System Categorization

  1. CNSSI 1253 System Categorization:
    • Risk-based approach to determine security requirements for National Security Systems (NSS) and non-NSS.
    • Considers impact on confidentiality, integrity, and availability.