RMF Experts

Woodbury Technologies, Inc. supplies RMF and Cyber Security services on numerous contracts across the United States. Read the following to learn more about RMF and the Woodbury Technologies approach. More information can be obtained by emailing us at career@woodburytech.com.

Woodbury Technologies provides Information Security Services which align with and meet the Risk Management Framework (RMF) requirements recently adopted by the Department of Defense under Department of Defense Instruction (DoDI) 8510.01: Risk Management Framework (RMF) for DoD Information Technology (IT), March 2014, which replaces the previous DoD Information Assurance Certification and Accreditation Process (DIACAP). We are experts in applying this framework.

This framework is a risk-based approach to security control selection and specifications that considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. The activities related to managing organizational risk are paramount to an effective information security program and can be applied to both new and legacy systems within the context of the system development life cycle and the Federal Enterprise Architecture.

We use RMF principles established in NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations to ensure FISMA requirements are met. NIST SP 800-53 establishes the minimum baseline set of controls for Low, Moderate, and High systems to bring about the Authority to Operate (ATO) for systems.

Following the RMF principles underlying the controls seen in the architecture illustrated on the right, we ensure all controls meet the mandatory requirements to reach compliance. We identify where a control is not compliant in accordance with NIST SP 800-53 and organizational policies, and inform the responsible entity of the need for remediation. The RMF allows an opportunity to remediate legitimate weaknesses within organizationally defined time frames. Weaknesses are acknowledged in Plans of Action and Milestones (POA&Ms). POA&Ms allow organizations to plan remediation efforts and to track each weakness while staying within the constraints of the NIST directives.

We use the applicable NIST policies along with agency directives to help organizations’ systems reach operational goals (missions and business functions) and obtain an ATO. An ATO requires all the controls that the organization deemed necessary and required from NIST SP 800-53 to be identified, developed, documented, implemented, and assessed. In addition, all residual risk must be accepted by the Authorizing Official. Once an initial ATO is achieved, the system is authorized to operate for a specified period of time in accordance with the terms and conditions established by the Authorizing Official. We can also help our clients renew their ATO as necessary by assisting with Ongoing Authorization requirements as defined by the Authorizing Official’s continuous monitoring strategy.

Send resumes to career@woodburytech.com

© Woodbury Technologies 2021 | Powered by Integrinet IT