Risk Management Framework (RMF) Services
The Administration requires federal agencies to dynamically manage their cybersecurity at an enterprise level. To support this effort, GSA offers Blanket Purchase Agreements (BPAs) for Risk Management Framework (RMF) services through seven industry partners with pre-competed pricing.
The framework considers effectiveness, efficiency, and constraints required by applicable laws, directives, Executive Orders, policies, standards, or regulations. RMF is a mandated element of FISMA compliance (see the reference section below).
How to Order
More information about each awardee, including points of contact, is available in the Risk Management Framework Ordering Guide Rev. 6/2015 [PDF - 913 KB].
Here are the seven (7) RMF BPA awardees, linked to their nongovernment websites.
- Deloitte Consulting, LLP - GS00Q11AEA0018, 06/09/2016;
- DSD Laboratories, Inc. - GS00Q11AEA0019, 06/09/2016;
- G&B Solutions, Inc. - GS00Q11AEA0020, 06/09/2016;
- Knowledge Consulting Group, Inc. - GS00Q11AEA0028, 06/09/2016;
- Telos Corporation - GS00Q11AEA0025, 03/31/2016;
- Tetrad Digital Integrity - GS00Q11AEA0034, 06/09/2016; and
- Veris Group, LLC - GS00Q11AEA0035, 06/09/2016
Guidance, policy and references
- DHS Risk Management Framework (RMF) Certification and Accreditation Service Offerings;
- NIST Special Publication 800-37 - Guide for Applying the Risk Management Framework (RMF) to Federal Information Systems Revision 1 [PDF - 250 KB];
- NIST offers online RMF Training; and
- NIST's Security and Privacy Controls for Federal Information Systems and Organizations (NIST 800-53) [PDF - 4.20 MB].