Risk Management Framework

Wednesday, October 21, 2015

What is it?

The Risk Management Framework (RMF) is a set of information system security standards developed by the National Institute of Standards and Technology (NIST) with the goals of improving information security, strengthening the overall risk management process, and encouraging system reciprocity among federal agencies. Its implementation -- from the strategic to tactical levels -- puts the Department of Defense on the same framework as the rest of the U.S. Government. The RMF process replaces the DOD Information Assurance Certification and Accreditation Process (DIACAP) and eliminates the need for the Networthiness process. The RMF -- unlike DIACAP, which only assessed systems and enclaves -- assesses the technology and all things outside it.

What has the Army done?

The Network Enterprise Technology Command (NETCOM), in close coordination with the Army CIO/G6, is leading the Army's transformation away from the DIACAP process, delivering comprehensive training, developing operational tactics, techniques and procedures (TTPs), and coaching and mentoring organizations and service providers through the RMF process. System owners, cybersecurity professionals, and other stakeholders now use the Enterprise Mission Assurance Support Service (eMASS), which automates the process and implements and enforces RMF, while improving visibility into the RMF process from beginning to end.

What does the Army have planned for the future?

The Networthiness process will be eliminated. Work to define requirements is currently underway, carried out by the DOD, the Army Chief Information Office/G-6 (lead), and other Army organizations. Additionally, the Army is working to identify standard framework security control inheritance, building efficiencies by leveraging work already done by Network Enterprise Centers (NECs) and higher-level service providers. NETCOM has directed organizations to identify those security controls that could be inherited by other organizations within their installation/campus area networks.

Why is this important to the Army?

Implementing RMF will improve cybersecurity reciprocity, increase efficiency and assist with cost savings. By using the same instruments other government agencies use when assessing risk, there may be no need to re-do the costly assessment process. Relying on currently documented risks that another agency/service has assumed or assessed -- rather than assessing systems again -- saves time and money. Assessments are based on the mission, intelligence requirements, criticality of the system, and risk tolerance of the Army/Command, leading to a more uniform execution of the RMF. RMF also standardizes language across the services and agencies, improving understanding throughout the DOD.

Resources:

Subscribe to STAND-TO! to learn about the U.S. Army initiatives.


STAND-TO!

STAND-TO! is an information paper-based web platform that supports the U.S. Army’s strategic communication objectives.

The information papers -- written, approved and submitted by the Army agencies -- provide a broad, objective view of the Army’s current operations, doctrine and programs. The "Today’s Focus" topics highlight Army Staff initiatives and support Army wide strategic-level issues.

All published editions are sent to subscribers via email and archived daily in the STAND-TO! Archives.

STAND-TO! falls under the management of the Online and Social Media Division (OSMD) in the Office of the Chief of Public Affairs (OCPA).
