NetCentrics Corporation, a leading provider of enterprise systems management and cybersecurity for the US government, has led the Department of Defense’s (DoD) first full implementation of the Risk Management Framework (RMF) for the US Coast Guard. The transition to RMF, a risk-based cybersecurity program, was completed February 18, 2016.
Developed by the National Institute of Standards and Technology (NIST), the RMF creates a shared information security framework across the federal government and its contractors. By incorporating the management of organizational risk, the RMF represents an advance in cybersecurity over legacy programs such as the DoD Information Assurance Certification and Accreditation Process (DIACAP). DoD Directive 8510.01 established the RMF for DoD IT in place of DIACAP on March 12, 2014.
While already in use by civil service agencies and the intelligence communities, the RMF is in the early phases of adoption within the rest of DoD. The Framework aligns with the federal government’s Continuous Diagnostics and Mitigation (CDM) program intended principally for civilian agencies.
“IT security has been steadily moving away from strict compliance toward a risk-based approach coupled with continuous monitoring,” said Bob Dougherty, CEO of NetCentrics. “The Coast Guard is leading the way for DoD by fully transitioning to the Risk Management Framework, which takes both a risk assessment and risk management approach coupled with continuous monitoring practices.”