About Us

About the Instructor:

Keith Frederick, BS EE, MBA, CISSP, CAP, CRISC, Author completed more than 35 years of information systems assessment experience to include over 25 years of information assurance, Certification and Accreditation (C&A), Risk Management Framework (RMF), and Federal Information Security Management Act (FISMA).  Keith has with a proven record of success as a Security Control Assessor (SCA) and an information system security engineer.  Hands-on experience includes hundreds of systems’ security control assessments, information systems development, systems analysis and design, key management services, programming, program design, as well as preparation in resource planning, programming, and budgeting.   Specialized experience includes system analysis and design of security software in both operating systems and applications. Additional experience includes managing large-scale information engineering projects in supervisory and developer roles using CASE and IE tools and providing technical guidance in software engineering techniques.

• Authored “Independent Testing for Risk Management Framework (RMF), Assessment Test Plan (ATP)” ISBN: 9781626755963.

• Authored “Authorizing Official Handbook for Risk Management Framework (RMF)” ISBN: 9781626757981.

• Authored “Cybersecurity - not just an “IT” problem”, digital energy journal Publication - June / July 2013. A cybersecurity article for the Oil and Gas industry.

Developed and taught numerous Information Assurance classes from RMF, Network Security, to Practical Information Assurance and many others.

Invented, developed and implemented:

• The RMF Security Lifecycle tool Cyber Profile ™ (CP™) that automates the continuous monitoring throughout a system’s lifecycle and accomplishes the Security Authorization Package (SAP) documents and reports.  (5^th Generation)
• The C&A tool Risk Management System™ (RMS™) that helps users with the C&A workflow and documentation. Made standard throughout Department of Homeland Security.  (4^th Generation)
• The vulnerability management tool Enterprise Vulnerability Management™ (EVM™). Made standard throughout the Federal Government by Office of Budget and Management (OMB). (3^rd Generation)
• The C&A tool Security Analyst Workbench™ (SAW™) that helps users with the C&A workflow and documentation. (2^nd Generation)
• The security databases tool Total Enterprise Security Service™ (TESS™), which sold to security professionals.  (1^st Generation)

Supports NIST’s security working group providing reviews and comments on the development of NIST Special Publications (SP) (i.e., NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems and NIST SP 800-37 Rev 1, Guide for Security Authorization of Federal Information Systems, A Security Life Cycle Approach).

Member of the task group that reviewed and committed on the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) and the DoD Information Assurance Certification and Accreditation Process (DIACAP). 

Authored Air Force System Security Instruction (AFSSI) 5024, Volume 1-4 "The Certification and Accreditation (C&A) Process".  This is the first official government document that standardized the RMF/C&A Process.

Authored and presented a paper published nationally on an approach for accomplishing certification and authorization (C&A) on information systems at the 16th National Computer Security Conference hosted by National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) and again at the Standard System Center Conference hosted by Air Force Standard System Center.