Back to Top Skip to main content Skip to sub-navigation

Risk Management Framework

The Defense Health Agency has a process called the Risk Management Framework (RMF). This process is provided by the Risk Management Executive Division for Information System (IS) and Platform IT (PIT) Systems. 

The RMF provides a structured process. It combines IS security and risk management activities into the system development lifecycle. It also authorizes their use within DOD and DHA. It provides you the capabilities to effectively manage information security risks. This includes ever-increasing system vulnerabilities and sophisticated cyber threats in diverse environments. 

We established the DHA RMF Portal to give guidance, templates, and training to the Information System Security Managers (ISSMs).

The RMF Interactive Workflow Diagram shows the requirements for assessment and authorization. This is a high level guide. It works with other DHA RMF guides available to ISSMs. 

Risk Management Framework

You also may be interested in...

Risk Management Framework Process Workflow


The RMF is the process that the Information System Security Managers use to get and maintain an Authority To Operate (ATO).

Recommended Content:

Risk Management Framework
Showing results 1 - 1 Page 1 of 1
Last Updated: February 01, 2022

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.