Until recently, the Department of Defense (DoD) security certification and accreditation process was prescribed by the DoD Information Assurance Certification and Accreditation Process (DIACAP). After years of talk, DIACAP has finally been replaced with the Risk Management Framework (RMF) established by NIST. As a result, the term DIACAP is now obsolete and RMF for DoD Information Technology (IT) is the new title for DOD Instruction (DoDI) 8510.01.
All DoD IT organizations that receive, process, store, display or transmit DoD information are subject to DoDI 8510.01. This includes all information systems, platform IT (PIT), IT services and IT products used in the DoD environment. It also includes IT-supporting research, development, test and evaluation (T&E) and DoD-controlled IT operated by a contractor or other entity on behalf of the DoD.
The NIST RMF is the very same certification and accreditation (now referred to as Security Authorization) framework used by civilian agencies for years. 38North consultants have successfully implemented the NIST RMF at numerous federal government agencies and can leverage this experience to ensure you undergo a successful transition to the new RMF for DoD IT framework.