cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cindelicato
Contributor I

ISSM/O and/or RMF

Good day, all;

 

I am taking an informal poll --- does anyone else serve as an Information Systems Security Manager (ISSM) or Officer (ISSO) and/or work with DoD Risk Management Framework (RMF) or NIST SP 800-53?

 

Kind regards,

5 Replies
CraginS
Defender I

Charles @cindelicato ,

Until my retirement in Spring 2018 I worked for many years (10+) with the entire RMF set of NIST SP's 800-37, -53, -53A, etc., as a contractor for multiple DoD organizations and also for the VA. In one of those engagements the ISSM appointed me as one of several ISSOs to assist in the RMF process for new systems being developed. 

 

I try to stay aware of updates in the RMF family, but admit I am probably not current on RMF practices today. 

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
im_eric
Viewer II

I mostly do CDS work these days but am also the ISSE on two small RMF packages. The Navy has its own spin on how RMF works. Beyond that, each Echelon II can be different as well. It makes life fairly interesting. 

 

In about 4-6 months, I am looking forward to retirement.  IMHO, the best way to deal with RMF is in the rear view mirror.  LOL.

DAlexander
Newcomer III

I have just stepped into an ISSM position and am looking forward to learning as much as I can.

DGat
Viewer II

Presently an ISSO and working with RMF for the past two year...with copious amounts of coffee
RRoach
Contributor I

I have been in positions working DoD DIACAP/RMF and NIST managing system packages and assessments over 15yrs.  Government positions will require a security clearance (typically already active and agency specific) in addition to certification and experience. Most positions are gradually being converted over to government and typically have a minimal contractor support staff.