2019年2月26日 · Establishes the cybersecurity Risk Management Framework (RMF) for DoD Systems (referred to in this issuance as “the RMF”) and establishes policy, assigns responsibilities, and prescribes procedures for executing and maintaining the RMF.

2020年4月19日 · Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST 800-37).

2018年9月27日 · The DoD Cyber Exchange is sponsored by Defense Information Systems Agency (DISA)

What is the Risk Management Framework (RMF)? In 2014, the DoD started transitioning from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to the Risk Management Framework for the DoD IT (RMF).

The DoD Cyber Exchange is sponsored by Defense Information Systems Agency (DISA)

The DoD Risk Management Framework (RMF) plays a crucial role in our cybersecurity strategy by providing a comprehensive framework for identifying, assessing, and mitigating cyber risks...

This course identifies policies and regulations that govern the Department of Defense (DOD) RMF process, and defines DOD Information Technology and the categories of DOD information affected by the RMF.

The DOD RMF governance structure implements the three-tiered approach to cybersecurity risk management described in NIST SP 800-39, synchronizes and integrates RMF activities across all phases of the IT life cycle, and spans logical and organizational entities.

DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology, 12 Mar 2014. This Instruction applies to All DoD Information Technology (IT) that receives, processes, stores, displays, or transmits DoD information.

To address these gaps and issues, DISA executed a plan to increase service delivery through streamlined RMF processes and readily accessible evidence based on mission partner requirements.