DoD Risk Management Framework (RMF) and Steps to Obtain Authority To Operate (ATO)

DoD has adopted the Risk Management Framework (RMF) for all Information Technology and Operational Technology networks, components and devices to include Facility-Related Control Systems (FRCS). Most Installation Energy and Water ESTCP projects will be required to follow the RMF and, depending on the objectives of the demonstration, obtain an Authorization To Operate (ATO) on the DoD Information Network (DoDIN). The RMF How-To short course was geared to help ESTCP Investigators and Project Teams become familiar with the RMF process, understand the requirements and if/how they apply and learn about the available resources. The course reviewed control system basics, protocols, how to use the NIST Risk Management Framework and the Cybersecurity of Facility-Related Control Systems Design Guidance, guidance on what tools and methods to use to inventory, diagram, identify, attack, defend, contain, eradicate and report a cyber event/incident. 

Instructor: Dr. Mike Chipley, PMC Group
DoD RMF and Steps to Obtain ATO                                               Dr. Mike Chipley, PMC Group

Webinar Series

Promoting the transfer of innovative, cost-effective and sustainable solutions.

View Webinar Schedule


Posts highlighting research, technologies, and tools.

Browse Blog


Schedule of events, solicitation deadlines, and training opportunities.

View Calendar

Headlines & Updates Promo

SERDP and ESTCP Newsletters


SERDP-ESTCP Headlines 2012 - Summer
Winter 2021

   Past Headlines

Program Area Updates

SERDP-ESTCP Headlines 2012 - Summer
Energy and Water
November 2019

Past Program Area Updates