Risk Management Framework

Understanding the New DSS Risk Management Framework

Understanding Security Controls

SecureStrux's RMF Subject Matter Experts can translate the security control definitions to help you understand how to apply the requirements to your system, company, and security team, large or small.

Hands-On Training

While we guide you through the RMF process, we provide the knowledge and tools you need to not only receive accreditation but to maintain it.

Beginning August 2016, all new Information System (IS) accreditations required Defense Security Service (DSS) Industry sites to adhere to the Risk Management Framework (RMF) Assessment and Authorization (A&A) process provided in the DSS Assessment and Authorization Process Manual (DAAPM) to achieve Authorization to Operate (ATO) status.

This new framework encompasses a six-step process that begins with risk categorization and ends with continuously monitoring security controls to measure effectiveness. This new accreditation process provides a complex challenge to Industry through new approaches to system categorization, assessment, and continuous monitoring.

The Challenge

The RMF process focuses on documentation of risk mitigation rather than the specific technical implementation requirements that were previous provided by the ODAA Baseline. Facility Security Officers (FSOs) and Information System Security Managers (ISSMs) will need to individually assess each requirement (or security control), provide an implementation recommendation for that requirement, and a detailed explanation of how the particular control’s implementation meets each control requirement.

It’s an intensive process that’s new to many Industry security personnel, so it may come with a high bar to clear for those new to this process.

SecureStrux Risk Management Framework

As a trusted partner with RMF expertise in the Industry, SecureStrux can reduce the complexities of implementing this new framework while reducing the strain on budget and resources. Our hands-on approach throughout the RMF process lifecycle provides FSOs and ISSMs with the information they need to interpret the controls and implement the requirements based on the size and scope of their information system, large or small. DOD RMF may seem like a daunting transition, but SecureStrux is here to help.

Hands-on Assistance for All Steps

We can assist throughout the lifecycle process whether you are just beginning or if you are already in progress.

Delivering More Value

SecureStrux goes beyond basic help at each RMF step to deliver the technical and administrative service you need to excel. We not only provide the essential technical implementation skills necessary to implement the controls based on your environment, but our proven documentation templates, process implementation checklists, and continuous monitoring tools provide the head start you need to complete each RMF step quickly and efficiently.

Samples of our value-added services include:

  • Creating personnel policies that adhere to RMF requirements and performing gap detection to identify and solve holes in existing controls.
  • Secure configuration support based on DSS guidelines to meet standards, set benchmarks and configure system settings to meet RMF requirements.
  • Creating a robust media protection policy, limiting the risk of Insider Threat concerns as well as improving adherence to RMF requirements.
  • Continuous monitoring tool implementation and hands-on training to proficiently utilize the tool to its fullest extent while maximizing process efficiency.

SecureStrux offers these and many more services to help your organization achieve compliance and maintain a secure environment.