RMF Risk Management Framework

Risk Management Framework (RMF) describes the process for identifying, implementing, assessing and managing cybersecurity capabilities and services, expressed as security controls and authorizing the operation of information technology systems.

RMF brings a risk-based approach to the implementation of cybersecurity, supports cybersecurity integration early and throughout the system life cycle, promotes reciprocity to the maximum extent possible and stresses continuous monitoring. RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP) and adopts the term cybersecurity in place of information assurance.