Dealing with the Transition to RMF
Beginning on January 1, 2018, the Defense Security Service (DSS) started requiring all cleared federal contractors processing classified information under their watch to fully transition to the new Risk Management Framework (RMF). Then in 2019, DSS re-named, re-aligned, and re-organized themselves with new leadership and responsibilities. This new agency branded themselves the Defense Counterintelligence and Security Agency (DCSA). The new RMF process replaced the prior DSS’s Certification and Accreditation (C&A) process and the Department of Defense’s (DoD’s) Information Assurance and Accreditation Process (DIACAP). This means that by the time your company conducts its next security vulnerability assessment, an entire overhaul of your security policies and procedures may be necessary to stay compliant with this new process and to receive future contracts.
DCSA Audits and Transitioning from DIACAP to RMF
Based on our experience, up to 4 out of every 5 submissions to DCSA are denied their Authority to Operate (ATO). Not passing a DCSA audit can lead to an inability to support DoD contracts, costing your company thousands of dollars. Additionally, it can take months to understand and remedy the questions and concerns DCSA will pose for a proper RMF submission. The transition from DIACAP’s 157 controls to RMF’s 862 possible controls coupled with interpreting the vague guidance outlined in the RMF process can seem like an extremely daunting task for a small business and take months to accomplish. Instead of facing this challenge alone, you may feel more confident reaching out for some hands-on support and leadership from another company that has already been through the ringer and possesses the subject matter expertise you need.
Assistance with the Transition to RMF
This is where Mission Multiplier can be a benefit to you. Mission Multiplier has been a part of the DIACAP-to-RMF transition many times before. Our team has the essential knowledge, skills, and abilities to assist you in this transition and we can be as hands-on as your organization wants us to be. We are here to help your organization make sense of all things RMF, to guide you through this transitionary period, and to ensure that your organization obtains your much needed ATO. If you have been putting off this transition or dreading the upcoming nuances of the new security guidance, let Mission Multiplier lead the way.
We want to work together to help you achieve your mission. If you’re interested in learning more about how Mission Multiplier can help you through the compliance process, please reach out to us today.