DIACAP to DoD RMF Transition Services

The Department of Defense (DoD) updated the DoD 8500 series documentation that addresses information assurance and risk management activities within the DoD to align with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). This transition is part of an ongoing effort by the Joint Task Force (JTF) Transformation Initiative Interagency Working Group (i.e. DoD, ODNI, NIST, and CNSS) to establish a more unified security and compliance framework to improve security and the application of risk management processes. Although the transition from the DoD Information Assurance Certification and Accreditation Process (DIACAP) is mandated by the current revision of DoD Instruction (DoDI) 8510.01, Risk Management Framework for DoD Information Technology, some legacy systems have yet to implement the RMF.

The Certification and Accreditation (C&A) process that was previously used throughout the DoD was modified to include the various RMF steps and associated tasks. Instead of using Mission Assurance Category (MAC) levels and Classification levels, the Transformation Initiative requires the use of impact values and security objectives to categorize information systems. Also, instead of implementing security controls specifically defined by the DoD, the JTF Transformation Initiative requires the use of NIST Special Publication (SP) 800-53 security controls that are selected based on the security categorization for each system. The examples above represent a portion of the changes that are occurring during the transition from DIACAP to the DoD RMF.

Several tasks must be completed as part of the DoD RMF and COACT can leverage its experience with multiple DoD and Federal civilian agency customers to assist DoD agencies that have not completed the transition from DIACAP to DoD RMF.

Transition Assistance Services

COACT has assisted numerous clients in using the RMF to achieve and maintain compliance within their respective legal and regulatory environments. The benefits of transitioning to the DoD RMF process are far-reaching and include:

  1. Standardization of processes used to implement and evaluate security controls
  2. Ensuring security is incorporated in each phase of the System Development Life Cycle (SDLC)
  3. Allowing for reciprocity with other DoD branches and government agencies
  4. Improving continuous monitoring and reporting
DIACAP to DoD RMF Transition Services
  • Mapping of DIACAP processes and DoD security controls to the DoD RMF
  • Gap analysis of in-place security controls and existing system and security documentation
  • Identification of the scope of documentation development and remediation efforts
  • Security engineering support throughout the SDLC
  • Generation and review/update of existing system and security documentation
  • Assessments of security controls and ongoing authorization support
  • Enterprise Mission Assurance Support Service (eMASS) support

The COACT Advantage

COACT has an accomplished and extensive record of providing cybersecurity and compliance services to various DoD agencies. We apply our proven assessment methodologies and accredited quality-control processes to all services and deliverables we provide, ensuring every COACT client gets our absolute best during each engagement. COACT’s client-focused and results-driven approach can help your organization comply with new risk management requirements, implement appropriate security controls, identify risks, mitigate and eliminate gaps in security, and maintain compliance with the appropriate governmental regulations.

If you are ready to enlist COACT to support and guide your organization through all the steps required to achieve compliance and transition to the DoD RMF, please reach out to a COACT representative using the contact form below or email info@coact.com.