Skip to main content

About This Project
Introduction
NIST
OMB
- OFCIO can't enforce RMF
- Agencies are in charge
Federal Agencies
Authorizing Officials
Vendors
Recommendations
Conclusion
Acknowledgements
Appendices
About Us

Question? Comment? Email us!

Security and the RMF

Service Design Collective

Appendices
C Reports & references

Appendix C: Reports & references

NIST working on ‘potential significant updates’ to cybersecurity framework
Agencies Need to Develop Modernization Plans for Critical Legacy Systems
Bill would reform cybersecurity management
Authorization to Operate Field Guide
Oversight.gov
Plainlanguage.gov
How Complex Systems Fail
Conway’s Law
Research: Simple Writing Pays Off (Literally)
The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation)
General Accountability Office: Healthcare.gov
Cybersecurity & Infrastructure Security Agency: Cybersecurity/IT Careers
The Cybersecurity Workforce Gap
Beyond Compliance–Addressing the Political, Cultural and Technical Dimensions of Applying the Risk Management Framework
Federal IT Dashboard
Federal Agencies’ Reliance on Outdated and Unsupported Information Technology: A Ticking Time Bomb
Agencies Need to Develop Modernization Plans for Critical Legacy Systems (2019, 2021 & 2023)
Shadow IT Provides Clues to the Tech That Federal Workers Really Need
GSA security authorization guidelines
GSA Lightweight Authority to Operate process
FEDRAMP tailored authorization for Software as a Service (Li-SaaS)
Digital.gov: An Introduction to ATO

This site was last updated on 28 JAN 2025.