A reader who calls herself “Thirsting for Knowledge” asks:
Dear Dr. RMF,
Recently I’ve seen a few RMF-related articles online that referred to something called the “knowledge service”. Can you tell me what exactly this service is and if you think it would help me develop my RMF skills. Is there a cost associated with this service and do you think my employer would pay for it? I am a contractor, not a DoD employee.
Dr. RMF Responds:
The RMF Knowledge Service is a website operated by DoD that contains a veritable treasure trove of RMF information … everything from security controls to RMF process steps to documentation artifacts, and more! Dr. RMF absolutely believes it would be helpful to you and highly recommends you become familiar with it at your earliest convenience. The URL is https://rmfks.osd.mil. For active military, DoD employees, and contractors that are sponsored for a Common Access Card (CAC), all that is needed is a CAC and you’re in!
If you do not have a CAC, there are a couple of additional steps you’ll need to complete. First, you’ll need a digital certificate from a vendor authorized by DoD. This is also called an External Certificate Authority (ECA) certificate. Your company may already provide this, but if you need to purchase one on your own, there is typically a fee of about $100 per year (it varies among vendors, so shop around). Second, you’ll need a DoD employee to “sponsor” you for access to the Knowledge Service. This requires only that the DoD employee be willing to verify that you have a legitimate “need to know”. If you are a contractor, the easiest way to get a “sponsor” is to ask one your DoD customers. Once your account is approved by your “sponsor”, you will be able to access the Knowledge Service – there is no additional cost.
Do you have an RMF dilemma that you could use advice on how to handle? If so, Ask Dr. RMF! BAI’s Dr. RMF consists of BAI’s senior RMF consultants who have decades of RMF experience as well as peer-reviewed published RMF research.
Want to see more of Dr. RMF? Watch our Dr. RMF video collection at https://www.youtube.com/c/BAIInformationSecurity
Dr. RMF submissions can be made at https://rmf.org/dr-rmf/