topic Re: ISSM/O and/or RMF in Career Discussions

ISSM/O and/or RMF

cindelicato — Mon, 09 Oct 2023 09:36:47 GMT

Good day, all;

I am taking an informal poll --- does anyone else serve as an Information Systems Security Manager (ISSM) or Officer (ISSO) and/or work with DoD Risk Management Framework (RMF) or NIST SP 800-53?

Kind regards,

Re: ISSM/O and/or RMF

CraginS — Sun, 16 Aug 2020 14:31:36 GMT

Charles @cindelicato ,

Until my retirement in Spring 2018 I worked for many years (10+) with the entire RMF set of NIST SP's 800-37, -53, -53A, etc., as a contractor for multiple DoD organizations and also for the VA. In one of those engagements the ISSM appointed me as one of several ISSOs to assist in the RMF process for new systems being developed.

I try to stay aware of updates in the RMF family, but admit I am probably not current on RMF practices today.

Craig

Re: ISSM/O and/or RMF

im_eric — Mon, 31 Aug 2020 16:08:50 GMT

I mostly do CDS work these days but am also the ISSE on two small RMF packages. The Navy has its own spin on how RMF works. Beyond that, each Echelon II can be different as well. It makes life fairly interesting.

In about 4-6 months, I am looking forward to retirement. IMHO, the best way to deal with RMF is in the rear view mirror. LOL.

Re: ISSM/O and/or RMF

DAlexander — Thu, 03 Sep 2020 19:38:01 GMT

I have just stepped into an ISSM position and am looking forward to learning as much as I can.

Re: ISSM/O and/or RMF

DGat — Wed, 23 Sep 2020 20:48:40 GMT

Presently an ISSO and working with RMF for the past two year...with copious amounts of coffee

Re: ISSM/O and/or RMF

RRoach — Thu, 29 Oct 2020 14:42:10 GMT

I have been in positions working DoD DIACAP/RMF and NIST managing system packages and assessments over 15yrs. Government positions will require a security clearance (typically already active and agency specific) in addition to certification and experience. Most positions are gradually being converted over to government and typically have a minimal contractor support staff.