United States government IT systems must be architected, secured and monitored according to the Risk Management Framework (RMF), which was developed originally in 2010 by the Department of Defense (DoD) and is now maintained by the National Institute of Standards and Technology (NIST). It sets the standard for each agency’s data security strategy and is designed to identify and resolve issues early, in order to inform risk-based decision-making and manage cybersecurity risk effectively.
In 2015, DISA also adopted the RMF as a replacement for DIACAP (DoD Information Assurance Certification and Accreditation Process) to improve service delivery by ensuring mission partners have transparency into the facilities, networks and services that DISA delivers in support of mission partner workloads.
RMF consists of 6 steps:
• Step 1 – Categorize Information System
• Step 2 – Select Security Controls
• Step 3 – Implement Security Controls
• Step 4 – Assess Security Controls
• Step 5 – Authorize Information System
• Step 6 – Monitor Security Controls
Steps 2 and 3 require agencies to select and implement security controls from catalogues such as NIST 800-53 and the DISA STIGs. Steps 4, 5 and 6 are then concerned with auditing those controls to identify the remediation required, and with ongoing monitoring to assess the agency’s security posture.
Automating RMF security checks with Nipper
Already in service with all four arms of the DoD, Titania Nipper is trusted to automate the configuration audits of core network devices against NIST 800-53, NIST 800-171, DISA STIGs and CIS benchmarks to prove compliance with risk management frameworks such as RMF, CDM and CMMC. Nipper’s proven accuracy advantage is estimated to save DoD security assessors up to 3 hours per device by removing the need to investigate false positives reported by other compliance tools.
Taking just minutes to set up and generate accurate reports, Nipper can be configured to automate the line-by-line analysis of your device configuration and operating system data, detecting precise security and compliance risks against RMF.
For more information on how Titania can automate compliance assessments for your organization or clients, get in touch.
Accurately assess RMF Compliance with Nipper
Saving security assessors up to 3 hours per audit when analysing the configurations of core network devices, Nipper also integrates with SIEM and SOAR systems for a network-wide view of compliance with RMF.
For more information on how to configure Nipper to quickly and accurately audit compliance with RMF, get in touch.