The Risk Management Framework (RMF) Knowledge Service is DoD CIO’s authoritative source for implementing the RMF and DIACAP: *not a public site*

DoD RMF Documentation:

The DoD RMF is based on DoDI 8500.01, Cybersecurity and DoDI 8500.01, Risk Management Framework (

DoDI 8500.01 – Cybersecurity
This DoD Instruction replaces the previous Information Assurance (IA) guidance under DoDD 8500.01, November 21, 2003.

DoDI 8510.01 – Risk Management Framework (RMF) for DoD Information Technology (IT)
This DoD Instruction replaces the previous DIACAP guidance under DoDI 8510.01, November 28, 2007.


Cybersecurity and RMF
Cybersecurity and RMF

These policies refer to the NIST 800 series.  Specifically, NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems and NIST SP 800-53 rev 4, Security and Privacy Controls for Federal.

CNSS RMF Guidance:
CNSSI No. 1253 for CNSS Home page and select “Instructions” from Library drop down.
Security Categorization and Control Selection for National Security Systems – This document replaces previous version dated 3 March 2012. Overlays are now Appendix F vice K.

Tags : 8500.018500.18510CNSSDIARMFNIST 800-37NIST 800-53Risk Management Framework (RMF)Risk Management Framework (RMF) for DoD Information Technology (IT)rmf
Bruce Brown

The author Bruce Brown

I have done a lot of work with Risk Management Framework for DoD IT (formerly DIACAP,DITSCAP). I noticed there was not a lot of information for security engineers on the nuts and bolts of it, so i started writing it down.

security is just a hobby. my real job is to help humanity out of poverty (information & financial poverty).

I am sure we can do it together

maybe rmf will help humanity. ;p
the internet maybe our greatest hope, we should keep it safe.

Leave a Response