Risk Management Framework: Step-by-Step

  • Security Concept of Operations: Define the operational context.
  • Categorize System: Determine risk profiles for Confidentiality, Integrity, and Availability.
  • Select Controls: Review RMF baseline of controls within operational context.
  • Implement & Assess Controls: Operational feedback can inform adjustments to the controls.
  • Authorize System: Obtain the Authorization to Operate (ATO).

Navy Qualified Validator (NQV) Support for U.S. Navy RMF Authorization to Operate (ATO)

Gaining or renewing an Authorization to Operate (ATO) requires a Navy Qualified Validator (NQV) work with a program’s Information System Security Engineer (ISSE).

The NQV serves as a representative to the Navy’s Security Control Assessor (SCA).  The NQV can provide consulting support for the development of a System Security Plan, and completes risk assessment and auditing steps.

Please contact us about working with your Program Office or your Program Office customer in support of your RMF cybersecurity efforts.