Skip main navigation

Military Health System

Clear Your Browser Cache

This website has recently undergone changes. Users finding unexpected concerns may care to clear their browser's cache to ensure a seamless experience.

Skip subpage navigation

Risk Management Framework

The Defense Health Agency has a process called the Risk Management Framework. This process is provided by the Risk Management Executive Division for Information System and Platform IT Systems. 

The RMF provides a structured process. It combines IS security and risk management activities into the system development lifecycle. It also authorizes their use within DOD and DHA. It provides you the capabilities to effectively manage information security risks. This includes ever-increasing system vulnerabilities and sophisticated cyber threats in diverse environments. 

We established the DHA RMF Portal to give guidance, templates, and training to the Information System Security Managers.

The RMF Interactive Workflow Diagram shows the requirements for assessment and authorization. This is a high level guide. It works with other DHA RMF guides available to ISSMs. 


tClick the download link above for a 508-compliant version of this graphic.

You also may be interested in...

Mar 12, 2014

Instruction: #DODI 8510.01, Risk Management Framework for DOD Information Technology

This Instruction reissues and renames DOD Instruction (DODI) 8510.01 in accordance with the authority in DOD Directive (DODD) 5144.02. It also establishes the RMF for DOD IT (referred to in this Instruction as “the RMF”), establishing associated cybersecurity policy, and assigning responsibilities for executing and maintaining the RMF.

  • Identification #: DODI 8510.01
  • Type: Instruction
Last Updated: July 08, 2024
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on X Follow us on YouTube Sign up on GovDelivery