The Transition Begins: DoD Risk Management Framework

摘要

The Department of Defense (DoD) released DoD Instruction 8510.01. DoD Risk ManagementFramework (RMF) for DoD Information Technology (IT) March 12. This instruction replaces the DoDInformation Assurance Certification and Accreditation Process (DIACAP).It specifies that all DoD ITfalls under the auspices of the RMF and is broadly grouped as DoD Information Systems (IS),platform IT (PIT), IT services and IT products.This includes IT that supports research, development,testing and evaluation (T8E), as well as DoD-controlled IT operated by a contractor or other entityon behalf of the DoD. Some key transformation highlights are shown in Figure1.