USAISR IMO staff. Back row: David Fuqua, Donaya Ashoka, Trent Rossey, Glen Gueller and Jose Rodriguez. Second row: Aaron Gleason, Gerardo Smith-Salinas, Martin Dahlman, Derrick Kelley and Phyllis Turner. Third row: Rosalio Gallegos Jr., Christopher Miller, Calvin Cooper, Guy McSweeney II and James Ward. Front row: Bobby Norman, Jorge Villareal, Donald Hardy, Ira Lawson and Bernadette Couteau. Photo by Steven Galvan, USAISR PAO.U.S. Army Institute of Surgical Research
08 SEPT 2016
The U.S. Army Institute of Surgical Research's Information Support System successfully met the requiremements of the Defense Health Agency's new Risk Management Framework to earn a three-year accreditation, the maximum granted by the agency. The accreditation means USAISR's information technology infrastructure is authorized to operate by the DoD.
Information Management Office personnel worked diligently to meet the challenges imposed by the RMF inspection process, the changes in assessment tools, the evolving guidance practices, and the recent transition from MEDCOM to DHA for accreditation approval.
The accreditation was the first granted by DHA to a Medical Research & Materiel Command organization under the RMF platform.
The RMF is a lifecycle-based process for managing information security risk and is now the standard for all government information technology systems.
The Department of Defense began transitioning from the old DoD Information Assurance Certification and Accreditation Process (DIACAP) in 2014.
For the USAISR ISS, the security controls increased from approximately 100 under DIACAP to approximately 400 under RMF.
In addition, the 150 validation procedures under DIACAP increased to approximately 1,500 assessment objectives under RMF.
These increases resulted in an intense level of effort and cost increase to support the accreditation process.