
What we do

Our work involves enabling our clients to succeed in RMF implementations by providing subject matter expert consulting services. We help our clients work through the RMF life cycle. Your team obtains the knowledge they need to be successful and BAI is there to support them through the roadblocks of obtaining an Authority to Operate.

Who we work with

Our consulting team provides direct assistance to DoD/Federal agencies, Product Developers/Vendors, and Service Providers as well as their supporting contractors as they work through the RMF process in pursuit of ATO.

We also have a history of providing support to customers in the medical device and diagnostic (MD&D) and building controls industry in information security compliance.

How we deliver

In order to maximize resources and efficiently deliver consulting services to our customers, BAI has developed a strategic partnership with Lightspeed, Produce, Protect, Perform (LP3). The BAI/LP3 Solutions team provides subject matter expert consulting services, enabling their clients to succeed in RMF implementation and to navigate the roadblocks in pursuit of Authorization to Operate (ATO). Together, BAI and LP3 have 40 years of information security experience and are recognized authorities in the areas of compliance, assessment and authorization (and we love this stuff!).

RMF Background

All DoD and Federal agencies need a formal authorization from the Government before their information systems are active and live. This is the official Authorization to Operate (ATO), which is required before starting an operation and is reassessed periodically after that. The decision to grant ATO is based on an assessment of risk that includes a comprehensive analysis of compliance with an extensive set of technical and non-technical security controls; the overarching life cycle process is called the Risk Management Framework (RMF). RMF roles and responsibilities, process steps, and documentation deliverables are detailed in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 and in DoD Instruction (DoDI) 8510.01. Security controls are published in NIST SP 800-53.

RMF as a Service (RaaS)

We offer proven SMEs in support of security compliance for products and services used by federal and DoD customers. We work alongside the client’s staff on each project on an as-needed basis to ensure that the project stays on track and achieves the coveted Authority to Operate (ATO).

Like RMF, RaaS is a multi-step process:

Step 1 Your staff receives RMF training on the roles, processes, and documentation required by RMF via our four-day RMF program.

Step 2 We provide a week of on-site support assisting your organization with kicking off RMF.

Step 3 Once you have completed your initial RMF kick-off, BAI can provide ongoing support via subject matter expertise ensuring successful implementation of RMF and ATO sustainability.

RaaS services can be implemented onsite or virtually via online collaboration platforms. RaaS delivery methods are solidified during the RaaS evaluation process. To request more information about engaging in a RaaS evaluation, complete the form below to be contacted by a member of our consulting team.

RMF Consulting for DoD/Federal Agencies
RMF Consulting Services for Product Developers and Vendors
RMF Consulting Services for Service Providers
Information Security Compliance – Building Controls
Information Security Compliance – Medical Devices