Skip to main content Skip to footer site map
Updates

Acquisition of Services Pathway Integration with the Risk Management Framework : Department of Defense , August 23 , 2023

August 23, 2023

Department of Defense

Download PDF

From the document: "The Acquisition of Services Pathway allows DoD organizations to acquire contracted services with an estimated value at or above the simplified acquisition threshold as defined in the Code of Federal Regulations. Additional acquisition business practices can be found on the Defense Acquisition University Adaptive Acquisition Framework (AAF) website (reference (c).

Whereas DoDI 5000.74, “Defense Acquisition of Services,” provides the applicable policy and the AAF website provides detailed procedural information and acquisition best practices, this page provides implementation guidance on integrating Acquisition of Services and RMF processes together, thus enabling practitioners to use cybersecurity risk management techniques and tools to enhance this Pathway’s activities, when appropriate (reference (d)). This Pathway requires minimal additional guidance beyond existing Assess Only guidance (reference (e)). Organizations may also use other means to assess the cybersecurity risks and mitigations for services as long as those reviews are consistent with Assess Only principles found in DoD policy. This page does not supersede or counteract the need to conduct AAF Pathway-specific actions."

Publishers

Department of Defense

Format

PDF - Download

Related Resources

s