TWM has extensive experience transitioning clients from the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) certification and accreditation processes to the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP). A new process named DoD RMF, for Risk Management Framework, hit the shelves in late 2013. This new process is referred to solely as RMF, not by the previously speculated DIARMF acronym.
TWM has supported the transition from DIACAP to the DoD Risk Management Framework (RMF) certification packages for more than 100 systems across the DoD and Federal agencies.
The highlight of TWM’s approach is the transition process that converts documents like a program’s SSAA into official DIACAP deliverables such as the Information Security Plan (ISP) and Application Threat Model.
TWM has developed a transition guide for transitioning systems from DIACAP to RMF. The RMF transition guide, based on NIST SP 800-37, specifies relationships between DIACAP and RMF documentation in order to minimize the work effort needed. TWM has also developed guidance, based on DoD policy and past experience, for the development or update of the Information Security Plan, the CONOPS, and the Risk Assessment, to ensure that during the review or generation of documents, aspects of the 800-53 processes are documented in support of a successful accreditation process.