UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close
Standards Library
  • All
  • News & Analysis
  • Products & Services
  • Standards Library
  • Reference Library
  • Community

I forgot my password.

Don't have an account?

Register here.

AIR FORCE - AFI 17-101

RISK MANAGEMENT FRAMEWORK (RMF) FOR AIR FORCE INFORMATION TECHNOLOGY (IT)

active, Most Current
Organization: AIR FORCE
Publication Date: 2 February 2017
Status: active
Page Count: 49
scope:

Purpose.

This AFI provides implementation instructions for the Risk Management Framework (RMF) methodology for Air Force (AF) Information Technology (IT) according to AFPD 17-1, Information Dominance Governance and Management, and AFI 17-130, Air Force Cybersecurity Program Management, which is only one component of cybersecurity. 

The RMF incorporates strategy, policy, awareness/training, assessment, continuous monitoring, authorization, implementation, and remediation.

The RMF aligns with SAF/CIO A6's AF Information Dominance Flight Plan key concept of increasing cybersecurity of AF information systems; therefore, robust risk assessment and management is required.

The RMF process encompasses life cycle risk management to determine and manage the residual cybersecurity risk to the AF created by the vulnerabilities and threats associated with objectives in military, intelligence, and business operations.

Effective implementation and resultant residual risk associated with security controls implementation is assessed and mitigated, aligns with DoDI 8510.01, and as documented in the RMF security authorization package for AF IT.

Discrete classes of systems (i.e., AF financial systems) are subject to additional requirements contained in Attachment 3 to this document. Guidance contained in Attachment 3 are intended to supplement, but not replace, the policy limits articulated in this Instruction.

Document History

AFI 17-101
February 2, 2017
RISK MANAGEMENT FRAMEWORK (RMF) FOR AIR FORCE INFORMATION TECHNOLOGY (IT)
Purpose. This AFI provides implementation instructions for the Risk Management Framework (RMF) methodology for Air Force (AF) Information Technology (IT) according to AFPD 17-1, Information...

References

This document references:
AFI 63-101/20-101 - INTEGRATED LIFE CYCLE MANAGEMENT
Published by AIR FORCE on May 9, 2017
Purpose of AFI 63-101/20-101, Integrated Life Cycle Management (ILCM). This instruction contains the directive overarching processes and procedures required to deliver and sustain warfighting...
This document references:
CJCSI 6211.02D - DEFENSE INFORMATION SYSTEMS NETWORK (DISN) RESPONSIBILITIES
Published by CJCS on January 24, 2012
Instruction Scope: (1) DISN-provided transport and information services including, but not limited to, the Nonsecure Internet Protocol Router Network (NIPRNET), SECRET Internet Protocol Router...
This document references:
CJCSI 6510.01F - INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND)
Published by CJCS on February 9, 2011
Purpose. Provide joint policy and responsibilities for IA and support to CND in accordance with (IAW) Department of Defense Directive (DODD) 8500.01E, "Information Assurance (IA)" (reference a)....
This document references:
DODD 5000.02 - Operation of the Defense Acquisition System
Published by DOD on August 31, 2018
PURPOSE. This instruction: a. In accordance with the authority in DoD Directive (DoDD) 5000.01 (Reference (a)) and DoDD 5134.01 (Reference (cm)), reissues the interim DoD Instruction 5000.02...
This document references:
DODD 8000.1 - MANAGEMENT OF DOD INFORMATION RESOURCES AND INFORMATION TECHNOLOGY (ADMINISTRATIVE REISSUANCE INCORPORATING CHANGE 1, MARCH 20, 2002), DODD 7740.1-G)
Published by DOD on March 20, 2002
This Directive applies to: The Office of the Secretary of Defense, the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Inspector General of the Department...
This document is referenced by:
AFI 17-110 - INFORMATION TECHNOLOGY PORTFOLIO MANAGEMENT AND CAPITAL PLANNING AND INVESTMENT CONTROL
Published by AIR FORCE on May 23, 2018
Purpose and Overview In accordance with DoD Directive 8115.01, the Air Force uses Portfolio Management to control its Information Technology investments using the Mission Area structure as the common...
This document is referenced by:
AFI 17-140 - ARCHITECTING
Published by AIR FORCE on June 29, 2018
A description is not available for this item.
This document is referenced by:
AFMAN 41-209 - MEDICAL LOGISTICS SUPPORT
Published by AIR FORCE on January 4, 2019
A description is not available for this item.
This document is referenced by:
AFMAN 13-212 VOL 1 - RANGE PLANNING AND OPERATIONS
Published by AIR FORCE on June 22, 2018
This manual applies to all Air Force-operated air and ground ranges listed in Attachment 2. These ranges are part of the Air Force’s Operational Training Infrastructure. Space-launch activities are...
This document is referenced by:
AFMAN 17-1301 - COMPUTER SECURITY (COMPUSEC)
Published by AIR FORCE on February 10, 2017
A description is not available for this item.
View Less
View All
Advertisement