Citation Edit

Department of Defense, DoD Instruction 8510.01: "Risk Management Framework (RMF) for DoD Information Technology (IT)" (Mar. 12, 2014) (full-text).

Overview Edit

This instruction established the DOD Information Assurance Certification and Accreditation Process (DIACAP) for authorizing the operation of DoD Information Systems, for managing the implementation of IA capabilities and services, and for providing visibility of accreditation decisions regarding the operation of DoD Information Systems, including core enterprise services- and Web services-based software systems and applications.

It applies to all DoD IT that receive, process, store, display, or transmit DoD information. These technologies are broadly grouped as DoD IS, platform IT (PIT), IT services, and IT products. This includes IT supporting research, development, test and evaluation (T&E), and DoD-controlled IT operated by a contractor or other entity on behalf of the DoD.