Part I covers the basics of compliance, including laws and regulations that mandate systems like the RMF. It discusses the history of certification and accreditation, its evolution into the RMF, and the RMF's integration into the system development lifecycle (SDLC). It also introduces the Department of Social Media (DSM), the organization used for the exercises in this book.
The mantra of any good security engineer is: “Security is not a product, but a process.” It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.
— Bruce Schneier