The discussion on ICD 503 and the Risk Management Framework will be led by Steven Rodrigo, Principal Security Specialist for Tenacity Solutions Inc. and focus on the following:
- Key updates to ICD 503 and associated RMF documents
- Brief update on overlay status
- RMF implementation and ITE
- Some key lessons learned with ICD 503 implementation.
- Q&A Discussion period.
Mr. Rodrigo has been involved extensively over the years with the C&A transformation initiative supporting the Director of National Intelligence IC CIOs office and was recently responsible for drafting and coordinating key updates to ICD 503 and other key documents associated with the transformation initiative. Mr. Rodrigo was a contributor to NIST Special Publication[masked], Guide for Conducting Risk Assessments (Sept 2012) and most recently contributed to Risk Management Framework, A lab based approach to Securing Information Systems by James Broad (Aug 2013). He has also participated in the instruction of over 900 National Reconnaissance Office (NRO) personnel on the basic tenets of the Risk Management Framework (RMF), documents used in support of the NIST RMF process, and the NRO’s implementation strategy of ICD 503 for the organization.