As a product developer or vendor offering (or wishing to offer) your product(s) for sale to DoD and federal agencies, you will sooner or later run into the dreaded RMF requirements. Potential customers may ask you if your product has been “RMF approved,” or even ask for a copy of your product’s “authorization.” However, unlike many other government product authorization programs, a vendor cannot independently seek RMF approval of the product!
RMF is fundamentally a government process, carried out by government people. DoD and federal agencies are required to assess and authorize their information systems by RMF. Many of those systems contain and need products obtained from commercial vendors. We help you prepare the right documentation to provide in support of the RMF effort. We also help you facilitate the process and gain valuable credibility with the DoD/Federal customer while guiding you through the RMF programs by:
Thoroughly analyzing product compliance with RMF security controls (requirements)
Making product improvements to enhance compliance where necessary
RMF Consulting Services
We offer the following consulting services geared specifically to address the needs of product developers and vendors:
RMF Compliance Survey
A “short-turnaround” service to provide you with a basic view of your product’s compliance with applicable security requirements, and a set of practical recommendations for compliance improvement.
RMF Readiness Assessment
A much more comprehensive service that includes extensive “hands on” testing to provide a detailed view of your product’s compliance, detailed technical recommendations, and a set of RMF documentation.
RMF Liaison Consulting Services
A consulting service designed to help “bridge the gap” between your organization and your current or potential DoD/federal customers.