DoD has adopted the Risk Management Framework (RMF) for all Information Technology and Operational Technology networks, components and devices to include Facility-Related Control Systems (FRCS). Most Installation Energy and Water ESTCP projects will be required to follow the RMF and, depending on the objectives of the demonstration, obtain an Authorization To Operate (ATO) on the DoD Information Network (DoDIN). The RMF How-To short course was geared to help ESTCP Investigators and Project Teams become familiar with the RMF process, understand the requirements and if/how they apply and learn about the available resources. The course reviewed control system basics, protocols, how to use the NIST Risk Management Framework and the Cybersecurity of Facility-Related Control Systems Design Guidance, guidance on what tools and methods to use to inventory, diagram, identify, attack, defend, contain, eradicate and report a cyber event/incident. 

Instructor: Dr. Mike Chipley, PMC Group

DoD RMF and Steps to Obtain ATO

                                              Dr. Mike Chipley, PMC Group