ARMY - DA PAM 25–2–14
Risk Management Framework for Army Information Technology
|Publication Date:||8 April 2019|
This pamphlet provides guidance for implementing AR 25-2 policy, and is designed to assist in the transition process for implementing Risk Management Framework (RMF) in Army. It assists Army organizations in effectively and efficiently understanding and implementing RMF for Army information technology (IT). The cybersecurity requirements for DOD ITs are managed through the principals established in DODI 8510.01, the National Institute of Standards and Technology (NIST) Special Publication 800-37, and CNSSI 1253. AR 25-2 issues the regulation needed to ensure consistent implementation of the RMF process within the life cycle of all IT.