Risk Management Framework (RMF) Department of Defense Information Technology (DoD IT), NIST 800-53, & DIACAP Transition
The transition from DIACAP to the Risk Management Framework (RMF) for DoD IT has been a discussion for the past few years. On March 12, 2014, the DoD CIO approved DoDI 8510.01 transition from DIACAP to Risk Management Framework for Department of Defense (DoD) Information Technology. The change was prompted in part because, Defense Department CIO Teri Takai said, “we were concerned we’re driving up our costs by virtue of having companies have to fit our standards as well as to other national standards.”
The Risk Management Framework for DoD IT transition timeline calls for an end to new accreditations under the legacy DIACAP process within six months, and for the full transition of all existing DIACAP-based accreditations within three-and-a-half years from the policy’s effective date, March 12, 2014. Part of the objective is to consolidate DoD C&A practices, focusing on maximizing reciprocity and reducing duplicative efforts.
Risk Management Framework (RMF), DIACAP Transition Consulting
At Praetorian Secure we pioneered the development of a standard DIACAP and NIST transition plan using a phased approach customized for commercial companies (Insurance, medical, software, hardware, and Third-party Information Technology). This process has been tested and continuously improved upon since 2009 and has effectively served as a service offering to fully support transition-in of DoD Information Assurance Certification and Accreditation (DIACAP).
Based on our past experience as DoD Agents of the Certifying Authority and Information Assurance practitioners, our initial thought was how prominent the need for commercial companies to comply and maintain contractual security requirements assigned by the DoD would be. That in mind, we completely refined the process to make it less complicated for commercial companies and offered a full-service offering for DIACAP.
Now that the transition is officially moving forward we foresee the same issues for companies dealing with DoD assigned security responsibilities. Also we recognize the potential improvements a commercial company can realize through implementation of a standardized cybersecurity and governance model that improves confidentiality, integrity, and availability in these times of increased and persistent threats.
Therefore, as proven-pioneers in this market, and with several years of experience in DIACAP, NIST, PCI and Risk Management Frameworks, we are also transitioning support for commercial companies and vendors in the contractual world of the DoD. Our new service offering is for organizations interested in transition of cybersecurity programs to a Risk Management Framework (RMF) and will be provided through a full portfolio of innovative Enterprise Risk Management Service based on the DoD IT Risk Management Framework Approach.
Praetorian Secure RMF Service Offerings:
- DoDI 8510.01 Risk Management Framework for DoD IT Implementation
- NIST SP 800-53 Risk Management Framework (RMF) Assessment
- Transition in Support of DoD IT Risk Management Framework (RMF)
- Complete Assessment and Authorization (A&A) Services
- Cyber Security Controls and Enhancement Implementation
- Cyber Security Controls – Compensating Controls Implementation
- Vulnerability Assessment and Penetration Testing
- Security Plan & Policy Development
- Security Engineering (NIST SP 800-160)
- Risk Assessment (NIST SP 800-30)