Risk Management Framework (RMF) is the unified information security framework for the entire federal government that is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC). DoD officially began its transition from the legacy DIACAP process to the new "RMF for DoD IT" process.
March 12, 2014 DoD security experts, IT managers, and senior leadership introduced sweeping changes to the Certification and Accreditation process to the extent that personnel roles, job titles, and even the term C&A itself changed and evolved into new nomenclature and a new era for the Information Assurance community of practitioners within the DoD (DoDI 81510.01). After implementation, the use of DIACAP Certification and Accreditation processes ceased, and RMF Assessment and Authorization (A&A) will become the 'new normal' for information technology professionals and risk managers throughout the Defense Department.
Knowledge and understanding of DoDI 8510.01, NIST 800-53 security controls, NIST 800-53a evaluation procedures
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.