DODD 8510.01 CE-03
Risk Management Framework (RMF) for DoD Information Technology (IT)
Organization: | DODD |
Publication Date: | 29 December 2020 |
Status: | active |
Page Count: | 47 |
scope:
PURPOSE.
This instruction:
a. Reissues and renames DoD Instruction (DoDI) 8510.01 (Reference (a)) in accordance with the authority in DoD Directive (DoDD) 5144.02 (Reference (b)).
b. Implements References (c) through (f) by establishing the RMF for DoD IT (referred to in this instruction as "the RMF"), establishing associated cybersecurity policy, and assigning responsibilities for executing and maintaining the RMF. The RMF replaces the DoD Information Assurance Certification and Accreditation Process (DIACAP) and manages the lifecycle cybersecurity risk to DoD IT in accordance with References (g) through (k).
c. Redesignates the DIACAP Technical Advisory Group (TAG) as the RMF TAG.
d. Directs visibility of authorization documentation and reuse of artifacts between and among DoD Components deploying and receiving DoD IT.
e. Provides procedural guidance for the reciprocal acceptance of authorization decisions and artifacts within DoD, and between DoD and other Federal departments and agencies, for the authorization and connection of information systems (ISs).
Document History




