Federal Cybersecurity Leader | NIST RMF | Microsoft 365 & Azure Security Compliance
Welcome to my Governance, Risk, and Compliance (GRC) portfolio.
This repository showcases my applied documentation, policy authorship, and control implementation work aligned with FedRAMP Moderate, NIST SP 800-53 Rev. 5, NIST SP 800-171, and DoD cybersecurity standards.
Each folder represents a distinct compliance artifact, policy set, or technical lab used to demonstrate proficiency in federal security governance, risk management, and control validation.

| Section | Description |
|---|---|
| 📊 Risk Register | Example risk catalog with scoring rubric (NIST SP 800-30). |
| 🧩 Vendor Security Questionnaire | Supplier risk review modeled after NIST SR and FedRAMP SA-9 controls. |
| 🧱 Security Policies (FedRAMP Moderate) | Password, Access Management, and Acceptable Use policies. |
| 🛡️ Incident Response | Plan outlining NIST SP 800-61r2 detection, containment, and reporting lifecycle. |
| 📈 Continuous Monitoring | Monthly/quarterly POA&M, vulnerability scan, and metrics process. |
| 🗂️ Data Classification | Classification matrix for CUI, PII, and internal data per DoDI 5200.48. |
| 🧱 Vulnerability Management | ACAS/Defender workflow, patch validation checklist, and metrics report. |
| 🤖 AI Compliance | NIST AI RMF–aligned governance: Use Policy, Risk Register, Model SOP, and Impact Assessment. |

This portfolio maps directly to major federal and industry frameworks:

| Framework | Reference |
|---|---|
| FedRAMP Moderate | NIST SP 800-53 Rev. 5, FedRAMP Security Controls Baseline |
| NIST Risk Management Framework (RMF) | SP 800-37r2, SP 800-30 |
| NIST SP 800-171 / DoDI 5200.48 | Controlled Unclassified Information (CUI) handling |
| CMMC Level 2 Readiness | Alignment with Access Control (AC), Identification and Authentication (IA), and Risk Assessment (RA) domains |
| NIST AI RMF v1.0 | Govern, Map, Measure, Manage — used for AI risk and accountability models |

- Microsoft 365 E5 Security Stack – Defender, Entra ID, Intune, Purview
- Azure Sentinel (SIEM) – Incident detection and continuous monitoring metrics
- Tenable ACAS / Nessus – Vulnerability identification and POA&M linkage
- GitHub Markdown & Jekyll (Cayman Theme) – For static policy and documentation hosting

Information Systems Security Professional — APJ Enterprise LLC
Location: Stafford, VA

- Over a decade of DoD and federal cybersecurity leadership experience.
- Specialized in FedRAMP, NIST RMF, CMMC, and Microsoft 365 compliance governance.
- Proven record of authoring accreditation documentation, running risk programs, and leading compliance automation initiatives.

📧 JeanetteD_Jordan@outlook.com
🔗 GitHub • LinkedIn
🌐 Live Site: https://jjordan1983.github.io/grc_portfolio/
Licensed under the MIT License.
© 2025 Jeanette Jordan – All Rights Reserved.
This repository serves as a professional demonstration of GRC documentation and compliance readiness for FedRAMP, DoD RMF, and emerging AI governance frameworks.