Our holistic approach to managing cyber risks is reflected in our cybersecurity Risk Management Framework (RMF).
DMI’s framework stems from applicable laws, regulations, and client guidance. This team will focus on implementing NIST SP 800-37 Rev 1, Guide for Applying the Risk Management Framework (RMF) to Federal Information Systems: A Security Life Cycle Approach.
We follow the RMF to evaluate threats and determine acceptable risk, using Federal and industry information derived from continuous monitoring and threat statements. Another step is to determine how to cost-effectively mitigate risk based on the intrinsic value of the information and the importance of the mission/function to be supported. This leads to the identification of the controls to be implemented and of the residual risk in a cost-contained environment. The next step is the implementation of cybersecurity controls and their responsiveness to changes in the threat profile, based on continuous monitoring. Finally, a risk review is provided to ensure that program and staff offices are working within the framework, that individual risks are communicated, and that an enterprise view of acceptable risks is provided to our clients.