Control Inheritance vs. Reciprocity

Recklesss Compliance

Apr 1 2024 • 12 mins

In this episode, Max discusses the fundamental concepts of Control Inheritance and System Reciprocity, highlighting their differences, applications, and importance in the realms of cybersecurity and organizational governance. This topic ties in closely with his recent LinkedIn post about the need for a credit system for security work being done within different parts of the DoD.

Topics Covered

  • Control Inheritance:
    • Definition and significance in cybersecurity.
    • Examples of control inheritance, such as identity management systems.
    • Utilization of control catalogs, like NIST's 800-53, for formal control inheritance.
  • System Reciprocity:
    • Explanation of reciprocity agreements between organizations.
    • Distinction between Authority to Connect (ATC) and Authority to Operate (ATO).
  • Intersection of Inheritance and Reciprocity:
    • Clarification of the relationship between control inheritance and reciprocity processes.
    • Ensuring compliance with controls and agreements for establishing reciprocity.
    • Common misconceptions and reasons for conflating inheritance with reciprocity.

Resources

Control Inheritance Blog

RMF Process and Reciprocal Agreements

DISA Connection Approval Process for Authority to Connect

DISN Connect Process Guide

Max Aulakh Bio:

Max is the Managing DIrector of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.

Max Aulakh on LinkedIn

Ignyte Assurance Platform Website

You Might Like

TED Radio Hour
TED Radio Hour
NPR
Acquired
Acquired
Ben Gilbert and David Rosenthal
Darknet Diaries
Darknet Diaries
Jack Rhysider
Hard Fork
Hard Fork
The New York Times
Marketplace Tech
Marketplace Tech
Marketplace
All-In with Chamath, Jason, Sacks & Friedberg
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Kim Komando Today
Kim Komando Today
Kim Komando
This Week in Tech (Audio)
This Week in Tech (Audio)
TWiT
Daily Tech News Show
Daily Tech News Show
Tom Merritt
Elon Musk Podcast
Elon Musk Podcast
Stage Zero
Security Now (Audio)
Security Now (Audio)
TWiT
Search Engine
Search Engine
PJ Vogt, Audacy, Jigsaw
WSJ’s The Future of Everything
WSJ’s The Future of Everything
The Wall Street Journal
TechStuff
TechStuff
iHeartPodcasts
Ask The Tech Guys (Audio)
Ask The Tech Guys (Audio)
TWiT
Rich On Tech
Rich On Tech
Rich DeMuro
The Vergecast
The Vergecast
The Verge
Endless Thread
Endless Thread
WBUR
The Artificial Intelligence Podcast
The Artificial Intelligence Podcast
Dr. Tony Hoang
Lofi ~ Sleep/Chill
Lofi ~ Sleep/Chill
Lofi King