The Risk Management Framework (RMF) is the “common information security framework” for the federal government and its contractors. The stated goals of RMF are:

  • To improve information security
  • To strengthen risk management processes
  • To encourage reciprocity among federal agencies

Through implementation of RMF, federal agencies can achieve compliance with policy directives such as the Federal Information Security Management Act (FISMA) and Office of Management and Budget (OMB) Circular A-130.

RMF effectively transforms traditional Certification and Accreditation (C&A) programs into a six-step life cycle process consisting of:

  1. Categorization of information systems
  2. Selection of security controls
  3. Implementation of security controls
  4. Assessment of security controls
  5. Authorization of information systems
  6. Monitoring of security controls

The National Institute of Standards and Technology (NIST), in partnership with the Joint Task Force Transformation Initiative (JTFTI), has developed a series of publications that provide detailed guidance on RMF implementation, categorization, security controls, etc.

The Committee on National Security Systems (CNSS) has developed the following publications that provide clarification of the NIST publications and additional requirements for implementing RMF for systems designated as NSS.

Implementation of RMF is now underway within the major “sectors” of the federal government:

RMF for DoD IT Training

The RMF for DoD IT training program is suitable for DoD employees and contractors. This four-day program includes comprehensive coverage of policy background, roles and responsibilities, the lifecycle process, security controls and assessment, and documentation. The RMF for DoD IT Training Program also includes information on the transition from DIACAP to RMF.