Skip to main content

Preparing for RMF Approvals

As a commercial service provider offering (or wishing to offer) your services to DoD and federal agencies, you will sooner or later run into the dreaded RMF requirement. Potential customers may ask you if your organization has been “RMF approved,” or even ask for a copy of your “authorization.” However, unlike many other government authorization programs, a vendor cannot independently seek RMF approval!

RMF is fundamentally a government process, carried out by government people. DoD and federal agencies are required to assess and authorize their information systems by RMF. DoD/Federal agencies need “outsourced” commercial services to have ATO just as they do for government owner/operated information systems. We help you prepare documented evidence of compliance with applicable security requirements. With us, you can maximize your “readiness” for RMF by:


Thoroughly analyzing your IT environment’s compliance with RMF security controls (requirements)


Making improvements to enhance compliance where necessary

Documenting compliance in a manner that is readily usable and understandable by government customers and conducive to a determination of risk acceptability

Consulting Services for Service Providers

We offer the following consulting services geared specifically to address the needs of “outsourced” service providers:

RMF Compliance Survey

A “short-turnaround” service to provide you with a basic view of your compliance with applicable security requirements, and a set of practical recommendations for compliance improvement.

RMF Readiness Assessment

A comprehensive service that includes extensive “hands on” testing to provide a detailed view of your compliance, detailed technical recommendations, and a set of RMF documentation.

RMF Liaison Consulting Services

A consulting service designed to help “bridge the gap” between your organization and your current or potential DoD/federal customers.