DSS RMF Toolkit

You are here:

Home
Products
DSS RMF Toolkit

How it Works

OVERVIEW
Defense Security Services (DSS) has transitioned to Risk Management Framework (RMF). Cleared contractors processing classified information under the control of DSS are required to complete the full RMF process and obtain IS authorization.

PROBLEM
The RMF is an extremely labor intensive process that is required for all systems, regardless of complexity. The same level of effort for a large WAN-based system is also required for technically simple systems such as: Single-User Standalone (SUSA), Multi-User Standalone (MUSA) and Isolated/Restricted LANs. This has led to expensive, time consuming efforts to obtain the required Authority to Operate (ATO).

SOLUTION
I-Assure has automated and streamlined the DSS RMF process for SUSA/MUSA/LAN systems. Our DSS RMF Toolkit creates all of the required documentation and technical requirements to successfully achieve an ATO. Our solution establishes a direct partnership with cleared contractors to collaboratively execute the RMF and reduce cost and minimize delivery schedule. We will develop all required policies and procedures and provide our customer with automated security lockdown scripts to apply DISA Security Technical Implementation Guide (STIG) settings. The following steps outline our solution:

A no-cost, no-obligation conference call will be held to determine the current system architecture, schedule constraints and discussion of roles and responsibilities. I-Assure will present the road map to success and answer any questions. The purpose of the scoping call is to ensure the DSS RMF Toolkit solution is compatible with the customer’s requirements.

I-Assure will assign a full-time Project Manager (PM) to the RMF effort. The PM will coordinate with the customer point of contact to gather initial system information, define the execution schedule and start the development of all required deliverables. All customer provided information will be integrated into our internal process to author required documentation and develop system-specific security lockdown scripts.

The I-Assure Policy Team will develop the following required documentation: System Security Plan (SSP), SSP Appendices, Contingency Plan, Incident Response Plan, Plan of Actions and Milestones (POA&M), Risk Assessment Report (RAR) and associated artifacts. The I-Assure Technical team will develop the security lockdown scripts, based on the system technologies, and work with the customer to implement on their system.

I-Assure will deliver final documentation to the customer for review and approval. A conference call will be scheduled to review all deliverables. We will address all customer concerns and update deliverables accordingly. The final delivery will satisfy all DSS requirements to achieve an ATO.

During the ATO process, DSS inspectors will review the submitted RMF package and provide comments and concerns. I-Assure will address all DSS concerns and update deliverables accordingly. We will continue to support the RMF effort until an ATO is granted.

Previous tab Next tab

Benefits

Cost Effective

Schedule Effective

Professional Delivery

Proven Acceptance

Testimonials

DSS eMASS Transition - We are Ready!

DSS is projected to transition to eMASS in May 2019

eMASS is a web-based Government off-the-shelf (GOTS) solution that will replace OBMS. I-Assure has worked with eMASS since its inception and currently supports over 150 packages in eMASS. Our DSS RMF Toolkit will easily transition current RMF processes and documentation into eMASS.