@kamilsec!!! You make me relive the training section in class man. You are always best at what you do brother. I am so honored to have you as my instructor and mentor in this Cybersecurity domain. ❤
wooooooooooooow kamil U THE REAL DEAL BLESS UR HEART BRO. THE KNOWLEDGE YOU JUST PUT OUT THERE IS AWESOME. WELL EXPLAINED VIDEO AND ON POINT THE SKY IS UR LIMIT BRO!
Excellent I learn alot, I have gone through two classes on the rmf, no details like you break down the control implementation, you explain very well the details on Exata, and Csam, tools, and I did not understand appendix D and F and the difference s but now do very well, thanks alot.
Excellent narration and video. Thanks for your time and efforts. I am a CISSP and a cybersecurity professional trying to get into the world of GRC. This was very helpful.
@kamilsec It's almost 1am here, I just binge watched your categorization video and this one :) I really enjoyed both videos and have a lot more clarity on these topics. Thanks so much for this selfless service!
Awesome Info. Thanks for always pushing out informative content in regards to our RMF Journey in the cyber world. You simplify and explain to your best ability. Its really helpful !! God Bless KamilSec !!!
Very very Good material you are putting out here Man. And the most diffrence here is that beside going through the basic of explanations, You break it down with a Hands On exercice. Good job. I am new in this RMF, But you make it not to be scarry at all just by following your tutorial.
You are very good sir I really really enjoyed your video.I’m taking a RMF class and this was one of the most confusing part but with your video it made me understand very well with the nist 800-53 and all the appendices selection controls..thank you plus I just subscribed to your channel 😁😁👏👏
I must say you provide great insight and clear explanations, based on the RMF the step after control selection is Implementation but through your videos I saw all the steps except the Implementation. I watched this video and just asking if the entire Implementation is the statement you provided towards the end of this video?
Hi Idara, no... the implementation step is more than that. Depending on the type and class of the control, the implementation process will vary. For instance if we are dealing with Technical controls that requires the developers or the engineers to deploy a code or even hardware device, then we will have to sit or meet with them so they explain the process and we write the Implementation Statement based on the explanation. In some cases the developers can write the steps for us and we (Security Analyst) will craft the Implementation Statement. However if the controls are Operational and Management controls that are all documentaions the Security Analyst can work with the System Owner to address the organizational process to write the Implementation Statement. So in a nut shell Implementation Statement is not generic, it is subjective based on the family and class of the control in questions.
DOJ's proprietary Cyber Security Assessment and Management (CSAM) automates assessments and authorizations to provide a comprehensive assessment and continuous monitoring service. More than 20 government agencies depend on the CSAM service to fulfill their Assessment and Authorization (A&A) needs. It provides the capability to assess, document, manage, and report on the status of information technology for the risk management framework. XACTA is also similar tool
Thank you so much for sharing. Very helpful. Can I get all your video links? I will be seeking a cybersecurity job in a few months., Now on security plus training.
Great video prof, can I please ask why you didn’t use the fedramp ssp template or is it still the same? Or after selecting the controls in the spreadsheet do we transfer the information in it to the fedramp moderate ssp template.
@kamilsec, so this spreadsheet is totally different from SSP? To my understanding, this spreadsheet is created by ISSO and system owners? then Authorize official(AO) authorized it.
Yes the spreadsheet is different, in some cases the spreadsheet is embedded into the PDF copy of the SSP. The spreadsheet, if it is being use in the agency, then there is a template that every system follows.
If the crm from Fedramp has the wrong controls selected, and I have to tailor the service provided system specific(Inhereted, if I am correct), and the service provider Hybrid(hybrid) how do I know which control to apply to which. Please if you have an easier way of contact dont my sharing. I am using csam as the tool, but I am not sure how to select the proper controls or tell which controls go to where.
Hi De Way, If the control is not implemented, then is it Planned or Compensated? That answer should be in the implementation column. Hope that answers your question.
Not all, some controls that relates to SA will need some system owner inputs, some will be system admins that will help you write the Implementation Statements.
Nkum, So being that AC-3 is selected for all the 3 baseline (Low. Mod and High systems) if for some unlikely reason, this control is not implemented on a system then you will need a higher level signature approving why this control is not needed, and therefore Tailored.
Hi Chibinezie, Implementation statements are not in any document. As a Security Analyst or ISSO you have to write some and coordinate with the sys admins to write some.
![Megan Thee Stallion - Neva Play (feat. RM) [Official Video]](http://i.ytimg.com/vi/TpYTyAaTRts/mqdefault.jpg)
Watching these videos are helpful, there is no need to waste your money on rmf classes.
You are right I pray that God bless KamilSec
I am glad my videos are helpful...
Thanks!
@kamilsec!!! You make me relive the training section in class man. You are always best at what you do brother. I am so honored to have you as my instructor and mentor in this Cybersecurity domain. ❤
Thanks Michael...
wooooooooooooow kamil U THE REAL DEAL BLESS UR HEART BRO. THE KNOWLEDGE YOU JUST PUT OUT THERE IS AWESOME. WELL EXPLAINED VIDEO AND ON POINT THE SKY IS UR LIMIT BRO!
Thanks Steve!
This is what I was looking for, for a long long time
I am glad you found it! Please share so others can see it
@@KamilSec I've ❤️❤️.
Are you planning to create a new video with a newer version, I'm happy to collaborate and participate in the making of it
Wow, most people will charge for this beautiful illustration. Great job and thank you. Subscribing
You're welcome! I am glad it was helpful and thanks for the sub!
Excellent I learn alot, I have gone through two classes on the rmf, no details like you break down the control implementation, you explain very well the details on Exata, and Csam, tools, and I did not understand appendix D and F and the difference s but now do very well, thanks alot.
Glad it was helpful! Appreciate your comment and commendations... Thanks!
I love the way you break things down. Will need interview guidance.
Thanks for sharing these videos!
You're welcome Kwaku
Excellent narration and video. Thanks for your time and efforts. I am a CISSP and a cybersecurity professional trying to get into the world of GRC. This was very helpful.
I am glad it was helpful. Best of luck!
This is my second time of watching your above presentation . You really made it very easy to understand. You are a genus. Thank you.
You're very welcome, glad it was helpful!
The video is easy to understand as the facts are well explained.
@kamilsec It's almost 1am here, I just binge watched your categorization video and this one :) I really enjoyed both videos and have a lot more clarity on these topics. Thanks so much for this selfless service!
You're very welcome, I am glad the videos were helpful.
Best of all explanations in the world so far. Big ups and bless up
Thanks Lawrence!
Awesome Info. Thanks for always pushing out informative content in regards to our RMF Journey in the cyber world. You simplify and explain to your best ability. Its really helpful !! God Bless KamilSec !!!
Glad it was helpful! Thank you!
Very very Good material you are putting out here Man. And the most diffrence here is that beside going through the basic of explanations, You break it down with a Hands On exercice.
Good job. I am new in this RMF, But you make it not to be scarry at all just by following your tutorial.
I appreciate that!
I have sent you an email
Please respond in order to initiate a meeting and live discussion.
Thanks
Excellent practical and hands-on presentation. Great job!
Glad you liked it!
Why we do have so many likes for this video folks? Thanks my dear for our this free infos.
You are so good! This video was super helpful and it felt hands on.
Glad it was helpful!
thank you for the implementation statements in the video description. that was very helpful
Glad it was helpful!
Thank you Sir for the lovely break down. I wish to ask if you have a hands on video for the Implementation step ?
Not yet on RUclips
This is Super
You are very good sir I really really enjoyed your video.I’m taking a RMF class and this was one of the most confusing part but with your video it made me understand very well with the nist 800-53 and all the appendices selection controls..thank you plus I just subscribed to your channel 😁😁👏👏
Awesome, I am glad it was helpful. You are very welcome!
God bless you , thank you so much for this ... subscribed and liked
Thanks!
Super helpful!! Great content, great voice and even greater facilitator. God bless bro
Glad it was helpful! Ameen and Thanks!!!
Thank you very much !!!
You are very welcome!
Amazing Job!!
this was very helpful thank you very much
You are great.
Thanks for the kind words!
This was very helpful. Thank you
Glad it was helpful Karen!
I must say you provide great insight and clear explanations, based on the RMF the step after control selection is Implementation but through your videos I saw all the steps except the Implementation. I watched this video and just asking if the entire Implementation is the statement you provided towards the end of this video?
Hi Idara, no... the implementation step is more than that. Depending on the type and class of the control, the implementation process will vary. For instance if we are dealing with Technical controls that requires the developers or the engineers to deploy a code or even hardware device, then we will have to sit or meet with them so they explain the process and we write the Implementation Statement based on the explanation. In some cases the developers can write the steps for us and we (Security Analyst) will craft the Implementation Statement. However if the controls are Operational and Management controls that are all documentaions the Security Analyst can work with the System Owner to address the organizational process to write the Implementation Statement. So in a nut shell Implementation Statement is not generic, it is subjective based on the family and class of the control in questions.
@@KamilSec Great information, thank you for sharing
Thank you sir!
You are very welcome!
Wooow!! Great work there m’mabia.
Thank you 🙌
this was very deep. i am informing all my friends to subscribed to this page .
Much appreciated Seth.
Thanks so much Kamilsec 🙏
This was really helpful! Thank you
Glad it was helpful!
Nice presentation.
Thank you!
very good! Very useful Thanks!
You're welcome. Glad it was helpful!
i enjoyed listening and learning. can you recommend a simple way to get implementation to save time
To get it simply, you need to understand how the organization implement the controls.
You are a pro 🎉🎉
Thank you!
thank u so much for the videos. i think i saw as reference OMB for AC-11. Correct me if i'm wrong
Could be
Thank you for the information! What exactly is the CSUM and X Factor software or where can I find more information about them? Would be very useful
DOJ's proprietary Cyber Security Assessment and Management (CSAM) automates assessments and authorizations to provide a comprehensive assessment and continuous monitoring service. More than 20 government agencies depend on the CSAM service to fulfill their Assessment and Authorization (A&A) needs. It provides the capability to assess, document, manage, and report on the status of information technology for the risk management framework. XACTA is also similar tool
Great stuff brother. Do you by chance know resources that give examples of implementation details for all the families.
No, I do not have anything like that, partly because different organizations implement the controls differently
Excellent sir! I’ve really learned a lot through this video! Please sir, I would like to know where did you get those implementation statements ?
I am glad the videos were helpful. For the Implementation Statements, I made them up for the purpose of the video.
Thank you so much for sharing. Very helpful. Can I get all your video links? I will be seeking a cybersecurity job in a few months., Now on security plus training.
check out the kamilsec channel homepage: ruclips.net/user/KamilSecvideos
Great video prof, can I please ask why you didn’t use the fedramp ssp template or is it still the same? Or after selecting the controls in the spreadsheet do we transfer the information in it to the fedramp moderate ssp template.
Dont forget, we do have FISMA assessment and FedRAMP assessment. So this is more on the FISMA Assessment....
Kamil the great
hi Kamil can you please do a video on how to select controls using nist 800 - 53b thanks
I think there is not much different from the Rev 4, but I will look into it if need be.
@@KamilSec Thanks very much Kamil
@kamilsec, so this spreadsheet is totally different from SSP? To my understanding, this spreadsheet is created by ISSO and system owners? then Authorize official(AO) authorized it.
Yes the spreadsheet is different, in some cases the spreadsheet is embedded into the PDF copy of the SSP. The spreadsheet, if it is being use in the agency, then there is a template that every system follows.
Thanks for this for real
You're welcome bro!
If the crm from Fedramp has the wrong controls selected, and I have to tailor the service provided system specific(Inhereted, if I am correct), and the service provider Hybrid(hybrid) how do I know which control to apply to which. Please if you have an easier way of contact dont my sharing. I am using csam as the tool, but I am not sure how to select the proper controls or tell which controls go to where.
always go by the controls recommended by the baselines and you start your tailoring from there...
Good day, for people who have already taken a class, do you have a class, specifically for interviews?
lets chat on kaamilzak@gmail.com
Can i get a copy of the spreadsheet?
Do you have videos for implantation for using NIST SP 800-53 rev 5
Not yet....
@@KamilSec ok…. Thanks i need an hands on on Rev 5
@KamilSec, I didn't understand in base of what must be chosen low, medium or high, how can i know?, thanks
You will know what baseline (Low, Med, High) based on the FIPS-199 categorizations.
@@KamilSec thanks 😉
🎉
thanks so much for this . Can i contact you for interview guidance
You're very welcome. Yes sure, you can!
If the control status is “not implemented” what do you have write under the implementation statement for that control?
Hi De Way, If the control is not implemented, then is it Planned or Compensated? That answer should be in the implementation column. Hope that answers your question.
@@KamilSec how can I get in touch for mentorship
@@deway7408 Kaamilzak@gmail.com
Please can I contact you privately, this is a very lovely lecture.
kaamilzak@gmail.com
Doesn’t eMASS take care of all the documentation and making the use of Excel obsolete?
I mentioned in the video that this process has been automated, however not all Fed agencies use eMass, Xacta and so on.
@@KamilSec Ah definitely missed that! You're spot on with the video. I'm new to RMF and this series has been awesome. Appreciate you!
PLEASE DOES THE SELECT IMPLEMENTATION STATEMENT PROVIDE SOLELY BY THE SYSTEM OWNER, PLS I NEED ELABORATION FROM THIS POINT
Not all, some controls that relates to SA will need some system owner inputs, some will be system admins that will help you write the Implementation Statements.
@kamilsec so if the control is not selected like AC-3, do you still have to put it in system or do you need high up tailor it?
Nkum, So being that AC-3 is selected for all the 3 baseline (Low. Mod and High systems) if for some unlikely reason, this control is not implemented on a system then you will need a higher level signature approving why this control is not needed, and therefore Tailored.
@@KamilSec So when you Tailored the control you still document it on spreetsheet?
Is this spreadsheet exportable from the current version of eMASS
I believe so, not really familiar with eMASS
&bh bb&b vv
good day, which document can we find the implementation statement?
Hi Chibinezie, Implementation statements are not in any document. As a Security Analyst or ISSO you have to write some and coordinate with the sys admins to write some.
@@KamilSec thank you
where can I download this template? thank you
kamilsecfiles.s3.amazonaws.com/RUclips_Shares/Control+Selection+Homework_Spreadsheet.xlsx
I am about to pay $2k for a cyber security crash course...good idea or naaah?
I will say, it depends on the material and also the past students review of the course...
thanks but your videos do have low volume to them
Hmmm Sorry about that, I am not sure what happened, I checked all videos for audio quality before upload
Your voice isn't coming out clearly
This is the first time I am hearing this…try checking your computer/phone audio settings
I could hear him just fine
Thanks for the information; this is really helpful.
Glad it was helpful!
This was very helpful! Thank you!
Glad it was helpful!