Streamlining RMF Accreditation to Speed Deployment of New

            Defense Technologies


            By virtually eliminating the STIG hardening, months can be saved in the RMF accreditation process






            Government agencies are not known for moving quickly, and the RMF accreditation process is a prime
            example.    For  defense  contractors  and  integrators  tasked  with  developing  new  technologies  for  the
            Department of Defense (DoD) and other government agencies, this step alone can take 9-12 months or
            longer.

            The glacial pace of accreditation is due to the manual nature of the review process tasks, as well as
            significant documentation and system hardening required to meet security policy mandates.  Without this
            step, projects cannot move to Authorization to Operate (ATO).  In short, any delays impact deployment
            of new defense technologies in the field.
            Fortunately,  new  automated  software  tools  are  eliminating  weeks,  if  not  months,  from  the  RMF
            accreditation process by virtually eliminating the time of the initial hardening while also providing
            the required documentation.  By doing so, technology integrators can significantly reduce the time to
            build, test, and deploy new technologies in STIG-compliant environments.



            RMF Accreditation

            The DoD introduced the Risk Management Framework (RMF) in 2014 to assist federal agencies to better
            manage risks associated with operating information systems.

            As part of this process, systems must be hardened to standard Security Technical Implementation Guide
            (STIG) benchmarks.  The STIGs provide configuration specifications for operating systems, database
            management systems, web servers and network devices used by government agencies.












                                 125