DIACAP/RMF DoD IT

Kratos SecureInfo Cybersecurity ServicesTo keep information systems secure in the defense environment, information assurance policies and practices are used to manage risk. The Department of Defense (DoD) has transitioned from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to the Risk Management Framework (RMF) for DoD IT to leverage a unified security framework across the entire federal government. 

This helps defense agencies effectively and efficiently manage the life cycle cybersecurity risk to their information systems and provide enhanced visibility to leadership, resulting in more informed, risk-based decisions.

Kratos SecureInfo helps defense agencies manage the transition to the new approach of system categorization, assessment and monitoring. Our RMF experts have successfully transitioned organizations in the public sector to the new framework. 

Kratos SecureInfo is an Agent of the Certifying Authority (ACA) and serves as an independent and trusted agent, conducting system security assessments, and making certification determination recommendations on behalf of the Army, Navy, Air Force and Marines.

We can assess the controls selected for the system in accordance with agency and RMF processes, detail remediation items and move forward to the Certification and Accreditation (C&A) recommendation of the system to the DoD agency Authorization to Operate (ATO).

Our DIACAP / DIARMF process includes the following steps:
  • Initiate and plan – setup the system, assign Information Assurance (IA) controls, implement the IA plan
  • Deploy and validate - execute the IA plan, conduct validation testing and review results
  • Determine Certification & Accreditation (C&A) decisions - review risks, issue certification and decide on accreditation
  • Ongoing ATO/reviews - initiate and update the lifecycle implementation plan, maintain the IA posture and situational awareness
Experience the Benefits of DIACAP/DoD RMF Expertise
  • Streamline the certification process by obtaining DoD and other agency authorizations through reciprocal acceptance
  • Accelerate the process of receiving an ATO by leveraging deep domain expertise
  • Evaluate risk-based decisions based on impact to the mission
  • Build security into systems to ensure projects are executed on-time and on-budget
  • Enhance efficiencies through IA control inheritance and re-use