UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close

AIR FORCE - AFI 17-101

RISK MANAGEMENT FRAMEWORK (RMF) FOR AIR FORCE INFORMATION TECHNOLOGY (IT)

active, Most Current
Organization: AIR FORCE
Publication Date: 2 February 2017
Status: active
Page Count: 49
scope:

Purpose.

This AFI provides implementation instructions for the Risk Management Framework (RMF) methodology for Air Force (AF) Information Technology (IT) according to AFPD 17-1, Information Dominance Governance and Management, and AFI 17-130, Air Force Cybersecurity Program Management, which is only one component of cybersecurity. 

The RMF incorporates strategy, policy, awareness/training, assessment, continuous monitoring, authorization, implementation, and remediation.

The RMF aligns with SAF/CIO A6's AF Information Dominance Flight Plan key concept of increasing cybersecurity of AF information systems; therefore, robust risk assessment and management is required.

The RMF process encompasses life cycle risk management to determine and manage the residual cybersecurity risk to the AF created by the vulnerabilities and threats associated with objectives in military, intelligence, and business operations.

Effective implementation and resultant residual risk associated with security controls implementation is assessed and mitigated, aligns with DoDI 8510.01, and as documented in the RMF security authorization package for AF IT.

Discrete classes of systems (i.e., AF financial systems) are subject to additional requirements contained in Attachment 3 to this document. Guidance contained in Attachment 3 are intended to supplement, but not replace, the policy limits articulated in this Instruction.

Document History

AFI 17-101
February 2, 2017
RISK MANAGEMENT FRAMEWORK (RMF) FOR AIR FORCE INFORMATION TECHNOLOGY (IT)
Purpose. This AFI provides implementation instructions for the Risk Management Framework (RMF) methodology for Air Force (AF) Information Technology (IT) according to AFPD 17-1, Information...

References

Advertisement