RMF for Contractors and Vendors

Private sector organizations providing products and services to the government are subject to information security oversight by their federal customers. The nature of a contractor’s involvement with RMF depends upon the type of product or service provided and the specific contractual relationship.

  • “Direct support” contractors. These are companies that provide direct labor in support of government programs, typically sending contractor personnel to work at the government site alongside government staff. Such individuals typically work under the direct supervision of a government manager and may be given information security responsibilities, including FISMA and RMF-related work.
  • Product manufacturers/vendors. These are companies who develop/manufacture hardware and/or software products intended for installation in government facilities. Examples are software developers, medical device manufacturers, environmental control system manufacturers, etc. Such organizations will be involved with RMF at several levels:
    • Ensuring their product is “FISMA compliant” (i.e., compliance with government security controls such as NIST SP 800-53 or DoDI 8500.2)
    • Providing documentation in support of their product’s compliance
    • Supporting their government customer’s efforts to obtain security authorization (accreditation) of the product in its installed environment, in accordance with FISMA and RMF
  • Outsourced service providers. These are companies who utilize their own IT facilities to process government information. Examples are companies providing web-based education to government personnel, companies processing claims for government insurance programs, etc. Such organizations are required to work in partnership with their government customers to obtain security authorization (accreditation) of their IT infrastructure in accordance with FISMA and RMF.

RMF Resource Center is committed to supporting all the above types of contractor organizations. All of our RMF Training courses are open to contractors as well as federal employees. In addition, our instructors are available to provide “on site” RMF training at the contractor’s own facility. We have special consulting programs tailored to meet the needs of product manufacturers/vendors and outsourced service providers.

 

Training

Our RMF training program consists of a one-day RMF Fundamentals class, followed by a three-day RMF In Depth class. The full four-day program is offered on a regularly scheduled basis at our training sites in Colorado Springs, Huntsville and Washington, DC, with expansion to our other training sites nationwide planned for FY12. RMF training can also be provided at your site if you have a group of students (normally 8-10 or more).

Consulting Services

RMF Resource Center offers a variety of consulting services to help government agencies and their contractors achieve FISMA compliance through implementation of RMF. We have consulting programs tailored to the needs of federal agencies, product manufacturers/vendors, and outsourced service providers.

 


Latest News

Preparation for the CAP (Certified Authorization Professional) examination is now included in our RMF training program.  The full four-day training program (RMF Fundamentals + RMF In-Depth) covers all seven domains in the CAP body of knowledge.