A defender-side look at where PRC pre-positioning campaigns against critical infrastructure stand heading into 2026, what living-off-the-land actually looks like in the SIEM, and which tuning calls separate the teams that catch it from the teams that don’t.
Agentic systems with tool calls, MCP servers, and dynamic context don’t fit the static system boundary model RMF was built for. Here is how to draw a defensible boundary in 2026.
RMF Control CA-2: Control Assessments requires organizations to assess the implementation and effectiveness of security controls. This includes assessing the controls that are in place to protect information systems and their data. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. …
RMF Control CA-6: Authorization requires organizations to authorize the operation of information systems and the processing, storage, and transmission of information by those systems. This authorization must be based on an assessment of the risks to the organization and the effectiveness of the organization’s security controls. Supplemental Guidance The Risk Management Framework (RMF) is a …
