8500.01

Risk Management Framework (RMF) for DoD Information Technology (IT)

March 30, 2015 by Bruce Brown Leave a Comment

The Risk Management Framework (RMF) Knowledge Service is DoD CIO’s authoritative source for implementing the RMF and DIACAP: https://rmfks.osd.mil/ *not a public site*

DoD RMF Documentation:

The DoD RMF is based on DoDI 8500.01, Cybersecurity and DoDI 8500.01, Risk Management Framework (http://iase.disa.mil/rmf/Pages/guidance.aspx).

DoDI 8500.01 – Cybersecurity
This DoD Instruction replaces the previous Information Assurance (IA) guidance under DoDD 8500.01, November 21, 2003.

DoDI 8510.01 – Risk Management Framework (RMF) for DoD Information Technology (IT)
This DoD Instruction replaces the previous DIACAP guidance under DoDI 8510.01, November 28, 2007.

Cybersecurity and RMF

These policies refer to the NIST 800 series. Specifically, NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems and NIST SP 800-53 rev 4, Security and Privacy Controls for Federal.

CNSS RMF Guidance:
CNSSI No. 1253 for CNSS Home page and select “Instructions” from Library drop down.
Security Categorization and Control Selection for National Security Systems – This document replaces previous version dated 3 March 2012. Overlays are now Appendix F vice K.