Federal Practice

FISMA & NIST RMF

Federal information security, NIST Risk Management Framework, SP 800-53 control families, and Authorization to Operate.


NIST RMF Step-by-Step: The 7-Step Implementation Guide for Federal Systems

Every federal agency that failed an authorization review in the past three years has something in common. The finding is rarely about a missing firewall rule or an unpatched server. The finding is about a...


NIST 800-171 Rev 2 vs Rev 3: What Defense Contractors Need to Know

Two defense contractors received the same Cybersecurity Maturity Model Certification (CMMC) Level 2 notice in Q1 2026. The first pulled up NIST SP 800-171 Rev 2, confirmed their 110-control gap analysis, and started booking Certified...

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.