DIACAP/RMF DoD IT

Is your organization effectively and efficiently managing the life cycle cybersecurity risk to your defense information systems? The transition from the DoD Information Assurance Certification and Accreditation Process  (DIACAP) to the Risk Management Framework (RMF) for the Department of Defense (DoD) enables agencies to establish baseline information assurance controls to secure information systems. It also provides enhanced visibility to leadership, resulting in more informed, risk-based decisions.

Kratos SecureInfo helps defense agencies manage the transition to the new approach of system categorization, assessment and monitoring. Our RMF experts have successfully transitioned organizations in the public sector to the new framework. 

As an Agent of the Certifying Authority (ACA), Kratos SecureInfo serves as an independent assessor, conducting system security assessments and making certification determination recommendations on behalf of the Army, Navy, Air Force and  Marines.

We can assess the controls selected for the system in accordance with agency and RMF processes, detail remediation items and move forward to the Certification and Accreditation (C&A) recommendation of the system to the DoD agency Authorization to Operate (ATO).

Our DIACAP / DIARMF process includes the following steps:
  • Initiate and plan – setup the system, assign Information Assurance ( IA) controls and implement the IA plan
  • Deploy and validate - execute the IA plan, conduct validation testing and review results
  • Determine C&A decisions - review risks, issue certification and decide on accreditation
  • Ongoing ATO/reviews - initiate and update lifecycle implementation plan, maintain the IA posture and situational awareness
Experience the Benefits of DIACAP/DoD RMF Expertise
  • Streamline the certification process through obtaining DoD and other agency authorizations by providing reciprocal acceptance
  • Accelerate the process of receiving an ATO by leveraging deep domain expertise
  • Evaluate risk-based decisions based on impact to the mission
  • Build security into systems to ensure projects are executed on-time and on-budget
  • Enhance efficiencies through information assurance control inheritance and re-use