RMF LifeBoat Group – September 10th Meeting 11am-1pm on Understanding the new FAR 4.19: Basic Safeguarding of Covered Contractor Information Systems or, How I Learned to Stop Worrying and Love the Clause by Tony Barnett

At this meetup we will discuss the implementation of NIST Special Publication (SP) 800-171 into the new contractual regulations with the addition of Federal Acquisition Regulation (FAR) clause 52.204-21. We will review what guidelines have been incorporated, what has been omitted, and what impact the implementation of these regulations will have on contractors.

Getting started in the Risk Management Framework (RMF)? The first of the six RMF steps is to categorize the system. The second RMF step is to select controls. The lively discussions at this meetup will definitely help you build your understanding of these two steps.

Come prepared to enjoy and participate in our lively discussions by reading the newly released draft NIST SP 800-171 Revision 1, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”. Google for “NIST CSRC draft special publications”, go to the page, and scroll down until you find the link for “Mark-up Copy of Draft SP 800-171 Rev 1”. The significant changes between June 2015 and now are easily spotted in the mark-up draft copy. Basic information is provided on pages ii – viii (Roman numerals), 1-7, and in the updated glossary on pages 19-27. Some requirements on pages 8-18 may also be addressed. Be sure to use color printing for any printouts so you can see the red-colored changes in the draft version.

We are very fortunate to have Tony Barnett present on this subject. Tony has 20+ years of working with organizations in the financial, software and managed services industries on both federal and commercial sides.

Note that this will be the eighteenth meeting discussing cyber security aspects related to the RMF. At our last meeting, Law McCardle shared his experience Enhancing Situational Awareness in the Cybersecurity Landscape. His presentation is available in the meetup’s library for meetup members. Also review the post-meeting discussions for additional references.

REGISTER at http://www.meetup.com/NCR-Risk-Management-Framework-Lifeboat/ SOONEST. You’ll find the practical information for our LifeBoat group meeting there. You can also tell other folks that they can easily get information and RSVP by starting on our ISSA Northern Virginia (NOVA) home page at http://www.issa-nova.org

If anyone decides against using a free Meetup account, they are welcome to call 703-402-4379 to RSVP and get the practical details (where, when, and free parking). They can also optionally request to be added to our BCC email distro list. HOWEVER, many valuable RMF LifeBoat files are posted on our meetup for download by our Meetup group members.