
Cybersecurity Community Homepage

  • rcshanah
01/20/2023 2:57 PM

I'm reaching out on behalf of the OUSD(R&E) CRWS-BoK team to inform you that version 3.0 of the CRWS-BoK portal ( has been released! Please see the official press release for more info:

  • HECTOR RODRIGUEZ
19/1/2021 4:07 PM

Hi, Team. 

I came from Program Management and I understand how to define cyber requirements during source selection. I have written a compliant Performance Work Statement, a guide and an audit program for the contractor Cybersecurity Work Force. I'm also working on metrics for system security posture using information from the existing systems of record (eMASS, Xacta, etc.).

I can also help with contractor compliance with DoD 8570.01-M, AFMAN 17-1303, AFI 17-101, AFI 17-130, and AFI 17-1203. I can help you create a template specific to your program. I'm happy to help and start the info exchange. 

Qualified CORs are the answer to most of our cybersecurity problems. I've been working on this issue for 2 years and I have a program that will be 100% compliant with DoD & AF Cyber Guidance by Jan 2022. My contractor cybersecurity work force will be 100% compliant at the end of this month. I'm now applying this process to other contracts with great results. 

I'm sharing this here to help fix our very real cyber security problem. 

Is there any interest?

Best regards,

Hector Rodriguez

JOSHUA BANTE 3/23/2022 1:11 PM No
  • rcshanah
10/28/2021 6:33 PM

Discussion on current policy on Technology Area Protection Plans and Science and Technology (S&T) Protection Plans (STPP). Discussion includes new S&T protection updates to the DAU ACQ 160 course.

DAU Event - Acquisition Topics: Technology Area Protection Plans

  • dau13044000662
11/19/2021 4:26 PM

Just saw DoDI 5000.90 released and was pleased by the direct language in it. I, however, am being told that a PM has the authority to lawfully exercise discretion by allowing a system to proceed out of CDR with no SSE being addressed and stating otherwise is a disagreement of policy. Additionally, the PM is able to accept the risk to not have cybersecurity addressed or considered as part of any design reviews and because the system is still in development this risk is not insurmountable and therefore not an issue. Still further, the belief is that if the program completely failed to build any cybersecurity into the system there would be no danger as the Department of the Army would review the system, find it deficient, and not grant the required IATT or ATO. It sounds like the Army is stating cybersecurity is optional and there is no issue with not addressing it till you need an IATT or ATO, if at all. Is this right?

  • Stephanie Thomaston
08/17/2021 9:36 AM

Draft NIST Special Publication (SP) 800-53A, Revision 5, Assessing Security and Privacy Controls in Information Systems and Organizations, provides organizations with a flexible, scalable, and repeatable assessment methodology and assessment procedures that correspond with the controls in NIST SP 800-53, Revision 5. Like previous revisions of SP 800-53A, the generalized assessment procedures provide a framework and starting point to assess the enhanced security requirements and can be tailored to the needs of organizations and assessors. The assessment procedures can be employed in self-assessments or independent third-party assessments.

In addition to the update of the assessment procedures to correspond with the controls in SP 800-53, Revision 5, a new format for assessment procedures in this revision to SP 800-53A is introduced to:

  • Improve the efficiency of conducting control assessments,
  • Provide better traceability between assessment procedures and controls, and
  • Better support the use of automated tools, continuous monitoring, and ongoing authorization programs.

NIST is seeking feedback on the assessment procedures in this publication and in electronic versions (OSCAL, CSV, and plain text), including the assessment objectives, determination statements, and potential assessment methods and objects. We are also interested in the approach taken to incorporate organization-defined parameters into the determination statements for the assessment objectives. To facilitate their review and use by a broad range of stakeholders, the assessment procedures are available for comment and use in PDF format, as well as comma-separated value (CSV), plain text, and Open Security Controls Assessment Language (OSCAL) formats.

The comment period is open through October 1, 2021. See the publication details for a copy of the draft and associated files, and instructions for submitting comments. We encourage you to submit comments using the comment template provided.

Please submit inquiries to [email protected].

NOTE: A call for patent claims is included on page vii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Publication details:

ITL Patent Policy:


Stephanie Thomaston, Moderator/Editor
