Applying RMF skills to a FISMA ATO project

old.reddit.com / u/PoconoChuck (https://old.reddit.com/user/PoconoChuck)

I have eight years of hands-on work with DoD RMF as an ISSO and ISSM. I understand FISMA is related to RMF as both use NIST controls.

My company has me looking at an energy provider seeking to gain a FISMA ATO for their transmission business. When I asked whether the DoE would be the Cognizant Security Authority, the answer I received was, "No; we will self-certify our ATO." I was expecting to be told that DoE (or a subordinate) is the CSA, the way DCSA is for DoD.

Is the customer able to self-certify? Are my skills at all useful in this arena?

submitted by /u/PoconoChuck

published 8 months ago