RISK MANAGEMENT FRAMEWORK TRANSITION AFLOAT WAY AHEAD:
1 NAVADMINs are known that
refer back to this one:
R 231550Z AUG 19
FM CNO WASHINGTON DC
INFO CNO WASHINGTON DC
PASS TO OFFICE CODES:
FM CNO WASHINGTON DC//N1//
INFO CNO WASHINGTON DC//N2N6//
MSGID/GENADMIN/CNO WASHINGTON DC/N1/AUG//
SUBJ/RISK MANAGEMENT FRAMEWORK TRANSITION AFLOAT WAY AHEAD//
REF/D/MSG/FLTCYBERCOM/101128Z AUG 17//
NARR/REF A IS DEPARTMENT OF DEFENSE (DOD) INSTRUCTION 8510.01, RISK
MANAGEMENT FRAMEWORK (RMF) FOR DOD INFORMATION TECHNOLOGY (IT).
REF B IS CHIEF OF NAVAL OPERATIONS INSTRUCTION 5239.1D, U.S. NAVY
REF C IS DEPARTMENT OF THE NAVY DEPUTY CHIEF INFORMATION OFFICER (NAVY)
MEMORANDUM WHICH DIRECTS THE TRANSITION TO RMF BY 31 DECEMBER 2020.
REF D IS THE FLTCYBERCOM MESSAGE U.S.
NAVY RMF IMPLEMENTATION STRATEGY/DIACAP TO RMF BRIDGE CONVERSION (RBC) -
UPDATE NR 1.
REF E IS THE FLTCYBERCOM OPORD 19-058 OPERATION TRITON BASTION (OTB) ISO
CAMPAIGN FOR NAVY-WIDE TRANSITION TO RMF.//
RMKS/1. This NAVADMIN provides transition assistance for the afloat
community to assist the Navy in converting to Risk Management Framework (RMF)
by 31 December 2020. This RMF Afloat way ahead process is intended to
provide an alternative solution for attaining RMF site authorizations for
ships, which in turn will allow for a deliberate RMF transition of the
systems hosted on those ships.
2. Ships under U.S. Fleet Forces Command (USFF), Commander, U.S. Pacific
Fleet (COMPACFLT) and Military Sealift Command (MSC) with Defense Information
Assurance Certification and Accreditation Process (DIACAP) Authorizations to
Operate (ATO) that expire on or before 1 January 2020 are authorized to
pursue an Afloat RMF Bridge Conversion (RBC). The intent of the Afloat RBC
is to utilize the assessed and certified risk of a DIACAP submission, and
issue an RMF ATO instead of a DIACAP ATO. The Afloat RBC ATO will be issued
for no more than 12 months. All ships under the scope of this NAVADMIN will
be required to transition to full RMF on or before the Authorization
Termination Date (ATD) of their respective RBC. Amplifying guidance is as
a. The Package Submitting Officer (PSO) will process the package for a
DIACAP Certification Determination (CD) issuance from the Navy Security
Control Assessor for impacted ships as per references (c) and (d).
b. The DIACAP CD shall be no older than 180 days.
c. Following the CD issuance, the PSO will process the package for an
Afloat RBC following reference (d).
d. All DIACAP artifacts will be in compliance with reference (d).
e. The DIACAP artifacts that accompanied the DIACAP submission will be
used to leverage Afloat RBCs.
3. Programs outside of the afloat community are eligible for additional new
alternate RMF transition processes, which are detailed in reference (e).
4. This NAVADMIN will remain in effect until cancelled or superseded.
5. Released by VADM Matthew J. Kohler, Deputy Chief of Naval Operations for
Information Warfare, OPNAV N2N6.//