Risk Management Framework

An ever-increasing number of organizations face regulatory requirements that mandate compliance with the NIST RMF and the associated NIST 800 Series of Special Publications and Federal Information Processing Standards (FIPS). Others must comply with related standards, including FedRAMP, NIST 800-171, and the NIST Cybersecurity Framework. And some organizations simply look to the NIST RMF as a proven framework for driving an enterprise approach to cybersecurity.

Since 2004 Lunarline has helped organizations of all shapes and sizes interpret and apply the NIST RMF to meet their unique business and security needs. We’ve worked with the RMF since its inception and have conducted nearly 10,000 successful RMF engagements. Our team also helped write many of the key documents, including NIST 800-53, 800-53a, 800-37 and 800-60.

Our 500+ clients span the intelligence, defense, federal civilian and private sector communities. We’ve helped adapt the RMF to meet the unique needs of specific industries, including:

We approach RMF compliance like engineers, emphasizing creative approaches and best practices that satisfy regulatory compliance without impacting mission or business reality. And we specialize in implementing technical solutions that streamline and automate compliance.

Regulatory compliance is a pain. Our tech-enabled approach to NIST compliance streamlines all six steps of the RMF to reduce cost and eliminate compliance headaches.

The NIST RMF is also increasing in technical complexity with each new revision. The pending NIST 800-53a Revision 5 will put increased emphasis on supply chain risk management, cyber intelligence, penetration testing, encryption and continuous monitoring. We offer proven technical solutions to efficiently satisfy these requirements and future-proof your organization’s RMF compliance.

A lasting approach to security compliance requires trained staff to handle the day-to-day challenges of RMF continuous monitoring. The Lunarline School of Cybersecurity (SCS) provides NIST RMF Training to 10s of thousands of students in the federal private sectors. We offer diverse RMF training options, including onsite instructor-led training, Computer Based Training (CBT), remote learning and custom cyber workforce development programs. Contact us or visit schoolofcybersecurity.com to learn more.

Since 2004 we have helped diverse US Government organizations comply with the Federal Information Security Modernization Act (FISMA). Our Government clients include every cabinet agency, every branch of the US Armed Services, every COCOM, and the Intelligence Community. We also played a key role helping the Department of Defense (DoD) transition to the RMF for DoD IT process and meeting the requirements of the Defense Security Service (DSS) Assessment and Authorization Process Manual (DAAPM).

In addition to supporting Authorization to Operate (ATO) processes, we have proven past performance leading large security Program Management Offices. We have provided CONUS/OCONUS support to some of the Government’s largest system portfolios. We’ve also implemented Cyberscope reporting processes, improved CIO FISMA Metrics processes and helped implement some of the Government’s highest-scoring continuous authorization and monitoring programs.