June 12, 2026
New DoD 8140 Memo: What Defense Contractors Must Do Now
A May 27, 2026 DoW CIO memo requires contractor cyber personnel to meet DCWF work role qualifications. Here's what changed, the timeline, and your next steps.
Read Article
June 9, 2026
DoD 8140 Work Role & Certification Mapping Guide (Free Download)
Free DoD 8140 work role mapping guide for training managers and contracting officers. Download our reference chart mapping every Cyberspace IT and Cybersecurity …
DoD 8140
DCWF
DoDM 8140.03
cybersecurity certifications
work roles
training managers
contracting officers
DoD compliance
Read Article 
February 23, 2026
Guide to Zero Trust Architecture for DoD: Building a More Resilient Defense
The landscape of cyber threats targeting the Department of Defense (DoD) is constantly evolving, demanding a paradigm shift in how we secure critical…
Read Article
April 17, 2024
Strengthening Cybersecurity: Navigating the Risk Management Framework for DoD IT
In an era marked by evolving cyber threats and stringent security requirements, the Department of Defense (DoD) plays a pivotal role in safeguarding…
Read Article
September 27, 2023
Navigating the Risk Management Framework (RMF) for DoD and Government Agencies
In today's tech-driven world, safeguarding sensitive data and critical systems is a top priority, especially for government agencies, including the…
Read Article
February 8, 2022
DoD Transition to NIST SP 800-53 Rev 5 … Why is it Taking so Long?
Welcome to 2022! It’s now been well over a year since the release of NIST SP 800-53 Rev 5, yet Rev 4 remains the DoD standard.
Read Article
May 25, 2021
RMF Across the Government Landscape
More than ten years ago, RMF came into existence with the intention of becoming the “unified information security framework for the federal government”.
Read Article
November 12, 2019
Ask Dr. RMF!
Dear Dr. RMF, I work in an Army program and I feel like I am getting the hang of RMF, but when the heck do I schedule an independent assessment (SCA-V)?
Read Article
November 12, 2019
Cybersecurity Framework – Is it relevant to Federal/DoD organizations?
Just when folks were beginning to get somewhat comfortable … or, at least, familiar … with the Risk Management Framework (RMF), along come our friends at…
Read Article
April 15, 2019
Ask Dr. RMF
Dear Dr. RMF, Government IT Security staff work with systems owners to make sure that all systems in the agency have implemented the proper Risk Management…
Read Article
January 11, 2019
Powerful but not well understood: Reciprocity, Type Authorization, and Assess Only
All of us who have spent time working with RMF have come to understand just what a time-consuming and resource-intensive process it can be.
Read Article
October 9, 2018
Is RMF Broken? Can it be fixed or is it beyond repair?
Thanks to the work of the Joint Task Force, RMF is now the official information security life cycle process across all three “segments” of the Executive…
Read Article
July 17, 2018
NIST 800-171: Confusion and the Protest Docket
I’m sure by now you’ve at least familiarized yourself with NIST 800- 171, “Protecting Unclassified Information in Nonfederal Information Systems and…
Read Article
April 17, 2018
RMF and the Defense Security Service (DSS)
The Defense Security Service (DSS) serves as an interface between the government and cleared industry.
Read Article
February 5, 2018
NIST 171: What’s That?
If you heard a whooshing sound on New Years Eve, that was probably the deadline for compliance with NIST 171 flying by.
Read Article
October 17, 2017
Is Your System a National Security System (NSS)? and How Does That Affect RMF Efforts?
By federal law, an information system will be designated as a National Security System (NSS) in accordance with the following definition: The term “national…
Read Article
September 16, 2016
Understanding the Authorization Decision
If you ask most system owners about the desired outcome of their RMF efforts, they will readily tell you “we are expecting the Authorizing Official (AO) to…
Read Article
March 11, 2015
RMF Transition: What do I Really Need to Know?
It’s hard to believe it’s been a whole year since the publication of DoD Instruction (DoDI) 8510.01 in March of 2014, which officially began the transition…
Read Article
October 16, 2014
Spotlight: Transitioning to the Risk Management Framework (RMF)
With the publication of revised DoD Instruction 8510.01, adoption of the Risk Management Framework (RMF) by DoD has begun.
Read Article
July 18, 2014
Top Ten: Ensuring a Smooth Transition to RMF
Now that DoD has “officially” begun its adoption of “RMF for DoD IT”, let’s take a look at some of the things your organization can do to ensure a smooth…
Read Article
April 10, 2014
Top 10 Things that Will Be Staying the Same with RMF
As DoD begins its transition from DIACAP to Risk Management Framework for DoD IT, everyone is naturally focused on all the things that will be…
Read Article
April 8, 2014
Top Ten: What’s “new” in RMF for DoD IT?
Now that DoD has “officially” begun its adoption of RMF, let’s take a look at some of the things that are “new”! 10. Cybersecurity.
Read Article
July 16, 2012
Chief Information Officers Council – Roadmap Toward IPv6 Adoption for the Federal Government
Just last week (July 12, 2012), the Chief Information Officers Council released this updated version of the Roadmap Toward IPv6 Adoption for the Federal…
Read Article
May 20, 2011
The Debate Surrounding Section 6.5.4.1
The IANA (Internet Assigned Number Authority) distributes IPv6 address to RIR's (Regional Internet Registry's) around the world.
Read Article