cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Newcomer III

ISSM/O and/or RMF

Good day, all;

 

I am taking an informal poll --- does anyone else serve as an Information Systems Security Manager (ISSM) or Officer (ISSO) and/or work with DoD Risk Management Framework (RMF) or NIST SP 800-53?

 

Kind regards,

5 Replies
Highlighted
Advocate III

Re: ISSM/O and/or RMF

Charles @cindelicato ,

Until my retirement in Spring 2018 I worked for many years (10+) with the entire RMF set of NIST SP's 800-37, -53, -53A, etc., as a contractor for multiple DoD organizations and also for the VA. In one of those engagements the ISSM appointed me as one of several ISSOs to assist in the RMF process for new systems being developed. 

 

I try to stay aware of updates in the RMF family, but admit I am probably not current on RMF practices today. 

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile
href="Not Passing a Cert Exam is Not the Same as Failing" target="new";;https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html
Highlighted
Viewer II

Re: ISSM/O and/or RMF

I mostly do CDS work these days but am also the ISSE on two small RMF packages. The Navy has its own spin on how RMF works. Beyond that, each Echelon II can be different as well. It makes life fairly interesting. 

 

In about 4-6 months, I am looking forward to retirement.  IMHO, the best way to deal with RMF is in the rear view mirror.  LOL.

Highlighted
Newcomer III

Re: ISSM/O and/or RMF

I have just stepped into an ISSM position and am looking forward to learning as much as I can.

Highlighted
Viewer II

Re: ISSM/O and/or RMF

Presently an ISSO and working with RMF for the past two year...with copious amounts of coffee
Highlighted
Newcomer II

Re: ISSM/O and/or RMF

I have been in positions working DoD DIACAP/RMF and NIST managing system packages and assessments over 15yrs.  Government positions will require a security clearance (typically already active and agency specific) in addition to certification and experience. Most positions are gradually being converted over to government and typically have a minimal contractor support staff.