DoD RMF
TWM has extensive experience transitioning clients in the Department of Defense (DoD) to the latest in Security Assessment and Authorization (SA&A): the DoD Risk Management Framework (RMF).
TWM has supported the transition from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to the DoD RMF certification packages for more than 100 systems across the DoD and Federal Agencies. The highlight of TWM’s approach is the transition process that converts documents like a program’s System Security Authorization Agreement (SSAA) into official deliverables such as the Information Security Plan (ISP) and Application Threat Model.
TWM has developed a guide for transitioning systems to RMF. This RMF transition guide, based on NIST SP 800-37, specifies the relationships between prior DIACAP documentation and RMF documentation in order to minimize the work effort needed.
TWM has also developed guidance, based on DoD policy and past experience, for the development or update of the Information Security Plan, the Concept of Operations (CONOPS), and the Risk Assessment, to ensure that during the review or generation of documents, aspects of the NIST SP 800-53 processes are documented in support of a successful accreditation process.