How to Apply the 7 Risk Management Framework (RMF) Process Steps

Art Clomera, Vice President, Operations
We’ve all heard the adage: “Nothing ventured, nothing gained.” In essence, you have to risk something if you want to get things done. So much of our lives involves assessing risk and intelligently managing those risks to meet our needs and achieve our goals. It’s why a motorcyclist wears a […]
Building ROMs for Cybersecurity Needs: A Guide for Federal Agencies

R. Shawn Elliott, President and LLC Manager, IPKeys Technologies, LLC | Chickasaw Nation Industries (CNI)
Cybersecurity budgeting is rarely straightforward, since threats evolve faster than procurement cycles. That’s why Rough Order of Magnitude (ROM) estimates are so valuable. Whether you’re managing FedRAMP authorizations or preparing for next year’s funding cycle, a solid ROM gives you […]
What is a POAM? (Including a POAM Template and Example)

Art Clomera, CTO, Federal Services
Wouldn’t perfection be great? Everyone, every organization, every system working exactly the way they should with inexhaustible, flawless precision from the word “Go.” Never worrying about something not going exactly as planned. It sounds pretty great but also pretty impossible… (even boring). Perfection in the world of cyber security […]
Cybersecurity Automation: How to Strengthen Defense While Reducing Manual Work

Art Clomera, Vice President, Operations
India, the US, Indonesia, and China alone account for almost half of the total reported cyberattacks in the government sector. Threats, ranging from espionage to malware designed to disrupt critical national infrastructure, are a defining feature of modern geopolitical relations. This barrage demands always-on, predictive, continuously improving advanced cybersecurity measures. […]
Proactive IT Risk Management: Building Resilience in an Evolving Digital World

R. Shawn Elliott, President and LLC Manager, IPKeys Technologies, LLC | Chickasaw Nation Industries (CNI)
2024 brought some harsh cybersecurity lessons for everyone working in U.S. government cybersecurity. One major wake-up call came when Chinese hackers broke into several U.S. telecom networks in an attack dubbed Salt Typhoon. Then came an unexpected hit. CrowdStrike, which […]
NIST Security Controls Explained (with Examples)

Art Clomera, Vice President, Operations
Federal agencies would be paralyzed without the data centers and software systems that store and process data. But many cyberattacks aren’t politically motivated. Government agencies worldwide are often targeted for the vast quantities of personal information they keep about citizens. The market for this stolen data is more lucrative than […]
What is DoD Impact Level 5 (IL5)?

Don’t let data breaches compromise your mission. The DoD IL5 standards protect information systems handling data that could devastate national security if breached.
How to Create a Comprehensive Access Control Policy: Template & Example

Art Clomera, Vice President, Operations
Granting access to a valuable resource is a question of trust (conditional authorization) and necessity (continuous authentication). For example, consider a company office building. Some areas are publicly accessible, while others are restricted to specific personnel. These restricted areas may have confidential information or sensitive equipment and therefore are limited […]
Security Assessment Report (SAR) Template, Guide, and Examples

Art Clomera, Vice President, Operations
Implementing effective security controls for information systems is a vital and complex undertaking. All Federal agencies require cybersecurity control measures in one form or another – and assessing their effectiveness is a challenge. Due to the complex and quickly evolving nature of cybersecurity threats, it can be difficult to accurately […]
How to Create a NIST Risk Assessment Report (with Template)

Art Clomera, Vice President, Operations
It doesn’t do a lot of good to think about cybersecurity risks in generalities. It’s even worse to not think about them at all. Imagine contracting a security firm whose slogan was “We’ll wing it!” Such vagueness invariably leads to a reactive – and, by definition, porous – risk posture […]