Aligning Security with Business Objectives

Our goal is to help companies direct the most rigorous processes toward the development and maintenance of their stated mission. We help clients determine how to integrate RMF activities into the system life cycle. We work with the Program Manager to implement an RMF that prioritizes their business risks and assets, and we help them plan strategies and roll out tactical plans that align with the company’s business objectives.

RMF Consulting Services

Our RMF consulting services include, but are not limited to, the following:

1. Supporting the Program Manager in identifying key personnel, forming an RMF team, and conducting a successful RMF “project kickoff.”
2. Supporting the RMF team in determining system categorization and selecting/augmenting the baseline security controls (security requirements)
3. Supporting the RMF team in initiating and executing a System Security Plan (SSP)
4. Supporting the system development team in implementation of security controls and developing documentation, such as policies, operating procedures, “as built” documentation and other “artifacts”, in support of the RMF process
5. Supporting the RMF team in evaluating compliance with security controls
6. Supporting the Program Manager and development contractor to ensure system information is appropriately entered into the organization’s RMF support system (e.g., eMASS for DoD)
7. Supporting the Program Manager and development contractor to properly prepare for independent assessment (testing)
8. Supporting the Program Manager during the assessment process
9. Supporting the Program Manager in developing the Authorization Package, including the System Security Plan (SSP) and Plan of Action & Milestones (POA&M)
10. Supporting the Program Manager in maintaining Authorization, conducting annual reviews as required by FISMA, and conducting re-Authorization as required
11. Supporting the Program Manager in transitioning from DIACAP to RMF (where applicable)