RMF in the Department of Defense (DoD)

DoD components include the Military Departments as well as numerous agencies within the Office of the Secretary of Defense (OSD) and the Joint Chiefs of Staff (JCS) (see list below).

With the publication of DoD Instruction (DoDI) 8500.01 and DoDI 8510.01 in March 2014, DoD has officially begun its transition from the legacy DIACAP process to the new “RMF for DoD IT” process.

DoDI 8500.01 replaces the former DoD Directive 8500.1 and defines DoD’s policies for protecting and defending information and information technology, now officially dubbed “Cybersecurity” in place of “Information Assurance”.

DoDI 8510.01 delineates the roles, responsibilities, and high-level life cycle process of the “Risk Management Framework (RMF) for DoD IT” as the replacement for DIACAP. The complete specification of security controls (requirements) and the system categorization methodology, formerly published in DoDI 8500.2, are now provided by reference to the applicable NIST and CNSS publications (e.g., NIST SP 800-53 and CNSSI 1253).

To implement RMF for DoD IT effectively and manage the transition from DIACAP, we highly recommend that DoD personnel and contractors begin educating themselves as soon as possible. Our RMF for DoD IT training program includes the new RMF process and controls, along with guidance for existing DoD programs on making an effective transition.


DoD Components

  • Military Departments
    • U.S. Army
    • U.S. Navy
    • U.S. Marine Corps
    • U.S. Air Force
  • Joint Chiefs of Staff
  • Office of the Secretary of Defense
    • Defense Policy Board Advisory Committee
    • Office of Net Assessment
    • Pentagon Force Protection Agency
    • Office of General Counsel
    • Defense Legal Services Agency
    • Office of Inspector General
    • Defense Criminal Investigative Service
    • Under Secretary of Defense for Intelligence
    • Defense Security Service
    • Defense Information Systems Agency
    • Under Secretary of Defense for Policy
    • Defense Security Cooperation Agency
    • Defense Prisoner of War/Missing Personnel Office
    • Under Secretary of Defense for Acquisition, Technology and Logistics
    • Defense Advanced Research Projects Agency
    • Missile Defense Agency
    • Defense Contract Management Agency
    • Defense Logistics Agency
    • Defense Threat Reduction Agency
    • Office of Economic Adjustment
    • Defense Acquisition University
    • Business Transformation Agency
    • Under Secretary of Defense for Personnel and Readiness
    • Defense Commissary Agency
    • Defense Human Resources Activity
    • Department of Defense Education Activity
    • Department of Defense Dependents Schools
    • Tricare Management Activity
    • Uniformed Services University of the Health Sciences
    • Defense Equal Opportunity Management Institute
    • Office of the Chancellor for Education and Professional Development
    • Under Secretary of Defense Comptroller
    • Defense Contract Audit Agency
    • Defense Finance and Accounting Service
    • Assistant Secretary of Defense for Networks and Information Integration
    • Assistant Secretary of Defense for Public Affairs
    • Washington Headquarters Services