From: Federal News Radio
The Defense Department is transitioning to a new approach to authorize its IT systems. The Risk Management Framework (RMF) will replace the DoD Information Assurance Certification and Accreditation Process (DIACAP).
RMF is years in the making
The move from DIACAP to RMF is not new — it began about four years ago with DoD Instruction 8510.01, issued in March 2014, said Ed Brindley, DoD’s acting deputy chief information officer for cybersecurity.