1 Day


Employees of federal, state and local governments; and businesses working with the government.


Cleared contractor companies are required to have Authorization to Operate (ATO) for classified information systems on their premises, under the purview of the Defense Counterintelligence and Security Agency (DCSA). DCSA employs a unique “flavor” of the Risk Management Framework (RMF).

Course Outline:

RMF Supplement for DCSA Cleared Contractors is a one-day session in which we provide instruction on the unique features of RMF as practiced in the DCSA cleared contractor community.

Topics include:

  • Introduction to DCSA
  • Roles and Responsibilities
  • Types of Systems (SUSA, MUSA, P2P, etc.)
  • RMF Life Cycle (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor)
  • Documentation and artifacts
  • Type Authorization and other special circumstances
  • National Industrial Security Program (NISP) eMASS
  • Support tools