Major Capability Acquisition Pathway Integration with Risk Management Framework : Department of Defense , August 23 , 2023
From the document: “The Major Capability Acquisition (MCA) Pathway is designed to acquire and modernize military unique systems that provide enduring capability. To adequately address cybersecurity risks in MCA activities, effective integration between Adaptive Acquisition Framework (AAF) and RMF teams needs is required.
Whereas DoDI 5000.85, “Major Capability Acquisition,” details the applicable policy and the AAF website provides acquisition best business practice, this page provides implementation guidance on integrating MCA and RMF processes thus enabling program office staff to use cybersecurity risk management techniques and tools to enhance major capability acquisition efforts (references (c) and (d)). This page does not supersede or eliminate the requirement to conduct AAF Pathway-specific actions.
Systems developed via the MCA Pathway follow the traditional RMF implementation processes as established in DoDI 8510.01 and on the RMF Knowledge Service (reference (a) and (e)). Unique AAF and RMF artifacts can support documentation and artifact creation in both processes. As such, this guidance maps RMF Steps, which are iterative in nature, and artifacts to each MCA phase.”
Related Resources