Mastering The Risk Management Framework Revision 2

This book provides an in-depth look at the Risk Management Framework (RMF) and the Certified Authorization Professional (CAP) (c) certification. This edition includes detailed information about the RMF as defined in both NIST SP 800-37 Revision 1 and NIST SP 800-37 Revision 2 as well as the changes to the CAP introduced on October 15th, 2018. Each chapter focuses on a specific portion of the RMF/CAP and ends with questions that will validate understanding of the topic. By implementing security controls and managing risk with the RMF system owners ensure compliance with FISMA as well as NIST SP 800-171.

Hacking With Kali

Hacking with Kali introduces you the most current distribution of the de facto standard tool for Linux pen testing. Starting with use of the Kali live CD and progressing through installation on hard drives, thumb drives and SD cards, author James Broad walks you through creating a custom version of the Kali live distribution. You’ll learn how to configure networking components, storage devices and system services such as DHCP and web services.

Risk Management Framework

The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a systems operation. Use of the RMF will help organizations maintain compliance with not only FISMA and OMB requirements but can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly implement this process. No other publication covers this topic in the detail provided in this book or provides hands-on exercises that will enforce the topics. Examples in the book follow a fictitious organization through the RMF, allowing the reader to follow the development of proper compliance measures. Templates provided in the book allow readers to quickly implement the RMF in their organization. The need for this book continues to expand as government and non-governmental organizations build their security programs around the RMF. The companion website provides access to all of the documents, templates and examples needed to not only understand the RMF but also implement this process in the reader’s own organization.

  • A comprehensive case study from initiation to decommission and disposal
  • Detailed explanations of the complete RMF process and its linkage to the SDLC
  • Hands on exercises to reinforce topics
  • Complete linkage of the RMF to all applicable laws, regulations and publications as never seen before