Skip Ribbon Commands
Skip to main content
 
      

Skip Navigation LinksDiscussions List

  
Picture Placeholder: STEPHEN MILLS
  • STEPHEN MILLS
32/27/2018 9:09 AM

​Does the RMF help in achieving Cyber Resiliency?

KEVIN WILLIAMS9/3/2020 5:35 PMNoAsk the Community
22.900465680352
2/1/2017 4:24 PM
  
Picture Placeholder: rcshanah
  • rcshanah
07/29/2020 9:26 AM


On 20 July 2020, ​OUSD(R&E) issued a new instruction governing technology and program protection. DoDI 5000.83, "Technology and Program Protection to Maintain Technological Advantage." It is another in a series of functional area instructions that incorporates and replaces parts of DoDI 5000.02T.

This new instruction does the following:

  • "Establishes policy, assigns responsibilities, and provides procedures for science and technology (S&T) managers and engineers to manage system security and cybersecurity technical risks from foreign intelligence collection; hardware, software, cyber, and cyberspace vulnerabilities; supply chain exploitation; and reverse engineering to:
o DoD-sponsored research and technology that is in the interest of national security.
o DoD warfighting capabilities.
  • Assigns responsibilities and provides procedures for S&T managers and lead systems engineers for technology area protection plans (TAPPs), S&T protection, program protection plans (PPPs), and engineering cybersecurity activities."
This policy applies to both in-house S&T/R&D efforts and those out-sourced to government-affiliated organizations such as FFRDCs, industry, and academia.

The policy incorporates and cancels parts of DoDI 5000.02T Enclosures 3 and 13 governing program protection and cybersecurity. Tables 1 & 2 in the new instruction state specific sections of those enclosures that transferred over.

Training on this new policy will likely be incorporated into an existing or a new DAU Rapid Deployment Training package that will be given at a future DAU Webcast as part of the Adaptive Acquisition Framework series.


7/29/2020 9:26 AMNoAsk the Community
0
2/11/2020 12:28 PM
  
Picture Placeholder: CICCO DI
  • CICCO DI
05/20/2020 12:16 PM

​If the government requests this information as part of a forensic analysis as called out in DFARS 7012 paragraph (f), the contractor must in turn request this information from their CSP provider.

If not, then the contractor would be out of compliance with the DFARS clause. 

The only way I view that is one needs to have O365   Government Community Cloud High (GCC High) licenses.

Do all agree?  

Thank You

 Ralph


5/20/2020 12:16 PMNoAsk the Community
0
5/20/2020 12:07 PM
  
Picture Placeholder: STEPHANI HUNSINGER
  • STEPHANI HUNSINGER
23/23/2017 3:27 PM

​How do I transition from DIACAP to RMF?

LARKIN WALKER10/2/2017 8:38 AMNoAsk the Community
5.76460601456614
26/25/2015 5:19 PM