Key Insights from the NIST AI Risk Management Framework


Art Clomera Vice President, Operations The AI RMF is an extension of the NIST Risk Management Framework (RMF), tailored for artificial intelligence (AI) systems. It provides organizations with a structured approach to identify, assess and manage risks related to AI technologies throughout their lifecycle. The new battlefield is dominated by software and hardware. To navigate […]

Exploring the NIST CSF Categories: A Comprehensive Overview

NIST CSF Categories

Art Clomera Vice President, Operations Cybersecurity and Infrastructure Security Agency Director Jen Easterly confirmed that a cyberattack on U.S. government networks had affected several Federal agencies. In light of the events when hackers gained access through a security flaw in the widely used file-transfer software, MOVEit Transfer, this article will explore the NIST Cybersecurity Framework […]

Clarifying SSDF: An Overview of the Secure Software Development Framework


Art Clomera Vice President, Operations In response to President Biden’s Executive Order on “Improving the Nation’s Cybersecurity (14028)“, the National Institute of Standards and Technology (NIST) designed the Secure Software Development Framework (SSDF). The creation of the SSDF was a strategic move to bolster the cybersecurity posture of Federal agencies. NIST also developed the Risk […]

Demystifying Software Bill of Materials (SBOM): A Comprehensive Guide

Software Bill of Materials (SBOM)

Art Clomera Vice President, Operations It’s hard to believe that until recently, organizations lacked a reliable method to know what components were in their software – imagine opening a medicine bottle and not finding the ingredients label. While the Software Bill of Materials (SBOM) has been around for a decade, it’s gained traction in the […]

RMF Continuous Monitoring: How to Keep Your Cybersecurity Program Up to Date

RMF Continuous Monitoring

Art Clomera Vice President, Operations In today’s fast-paced digital landscape, cybersecurity threats are constantly evolving, making it crucial for Federal agencies to keep their defenses current. Risk Management Framework (RMF) Continuous Monitoring is a process that enables organizations to keep a watchful eye on their cybersecurity program and respond to emerging threats in a timely […]

How to Create a Comprehensive Access Control Policy (with Template and Example)

Art Clomera Vice President, Operations Granting access to a valuable resource is a question of trust (conditional authorization) and necessity (continuous authentication). For example, consider a company office building. Some areas are publicly accessible, while others are restricted to specific personnel. These restricted areas may have confidential information or sensitive equipment and therefore are limited […]

How to Create a NIST Risk Assessment Report (with Template)

Art Clomera Vice President, Operations It doesn’t do a lot of good to think about cybersecurity risks in generalities. It’s even worse to not think about them at all. Imagine contracting a security firm whose slogan was “We’ll wing it!”   Such vagueness invariably leads to a reactive – and, by definition, porous – risk posture […]

Security Assessment Report (SAR) Template, Guide, and Examples

Art Clomera Vice President, Operations Implementing effective security controls for information systems is a vital and complex undertaking. All Federal agencies require cybersecurity control measures in one form or another – and assessing their effectiveness is a challenge. Due to the complex and quickly evolving nature of cybersecurity threats, it can be difficult to accurately […]

How to Build Your System Security Plan (SSP) with Examples and Template

Art Clomera, Vice President Operations Information system development, use, and eventual decommissioning requires a lot of paperwork – reports, signatures, manuals, approvals, and more. Amongst this mountain of documentation, the System Security Plan (SSP) may well be the granddaddy of them all. It is the encyclopedia and guidebook of all security aspects related to the […]

How to Conduct Cybersecurity Compliance Risk Assessments in 4 Steps

Shawn Elliott, Vice President, Federal Solutions In an organizational context, “being in compliance” refers to an organization conforming to the applicable standards and rules set by governing entities. These standards and rules can be both external (e.g. laws, industry standards, regulations) or internal (e.g. company policies). Failure to adhere to applicable standards can lead to […]