The Department of Defense Chief Information Officer (CIO) has issued new policy entitled DoD Instruction 8510.01 “Risk Management Framework for DoD Systems”. This new policy reissues and cancels DoD Instruction 8510.01, “Risk Management Framework (RMF) for DoD Information Technology (IT),” dated March 12, 2014, as amended Incorporates. It also cancels Directive-Type Memorandum (DTM) 20-004, “Enabling Cyberspace Accountability of DoD Components and Information Systems,” November 13, 2020, as amended. Among other key information, implementation requirements, responsibilities, cybersecurity governance it provides, this important new document also:

• “Establishes the cybersecurity Risk Management Framework (RMF) for DoD Systems (referred to in this issuance as “the RMF”) and establishes policy, assigns responsibilities, and prescribes procedures for executing and maintaining the RMF.
• Establishes and applies an integrated enterprise-wide decision structure for the RMF that includes and integrates DoD mission areas (MAs) pursuant to DoDD 8115.01 and the governance process prescribed in this issuance.
• Provides guidance on reciprocity of system authorization decisions for the DoD in coordination with other Federal agencies.
• Authorizes and designates the RMF Technical Advisory Group (TAG) as the body responsible for developing and publishing RMF implementation guidance."

Coincidentally, we focused on the topic of cybersecurity and product support during our inaugural DAU Logistics LIVE!” webinar series that launched this past Monday.