Recklesss Compliance
A Federal Security & Compliance career is a very rewarding career - we get the honor and privilege of protecting some of the most guarded assets of our great country. However, it doesn’t come without a cost. We often take the brunt of the beating when it comes to the regulations that are impeding innovation.
Join federal security professional Max Aulakh as he distills the challenges facing our career field, pulling back the curtain on culture, emerging technical knowledge, ATOs, CMMC and various federal cyber frameworks.
Each episode is jam-packed with powerful information to cut through the noise. We will break down tools, tips and techniques to help you get better and to quickly get through the federal accreditation processes. It doesn’t matter what type of systems or technology you are dealing with, if you have heard of or are familiar with terms like STIGS, SAP, SAR, FedRAMP, and ConMON or newer terms like cATO, Big Bang, OSCAL, CMMC and SBOMs - we will break it all down.
Recklesss Compliance
Control Inheritance vs. Reciprocity
In this episode, Max discusses the fundamental concepts of Control Inheritance and System Reciprocity, highlighting their differences, applications, and importance in the realms of cybersecurity and organizational governance. This topic ties in closely with his recent LinkedIn post about the need for a credit system for security work being done within different parts of the DoD.
Topics Covered
- Control Inheritance:
- Definition and significance in cybersecurity.
- Examples of control inheritance, such as identity management systems.
- Utilization of control catalogs, like NIST's 800-53, for formal control inheritance.
- System Reciprocity:
- Explanation of reciprocity agreements between organizations.
- Distinction between Authority to Connect (ATC) and Authority to Operate (ATO).
- Intersection of Inheritance and Reciprocity:
- Clarification of the relationship between control inheritance and reciprocity processes.
- Ensuring compliance with controls and agreements for establishing reciprocity.
- Common misconceptions and reasons for conflating inheritance with reciprocity.
Resources
RMF Process and Reciprocal Agreements
DISA Connection Approval Process for Authority to Connect
Max Aulakh Bio:
Max is the Managing DIrector of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.
Max Aulakh on LinkedIn
Ignyte Assurance Platform Website