DoD CIO RFI for Risk Management Framework (RMF) Revamp
ID: CIORFIRMFRevamp001Type: Sources Sought
Overview

Buyer

DEPT OF DEFENSEWASHINGTON HEADQUARTERS SERVICES (WHS)WASHINGTON HEADQUARTERS SERVICESWASHINGTON, DC, 203011000, USA

Original Source

https://sam.gov/opp/8b41e0377f454c93b843498dd599b2c3/view
Timeline
    Description

    The Department of Defense (DoD) is issuing a Request for Information (RFI) to gather insights on revamping its Risk Management Framework (RMF), a critical component for managing cybersecurity risks. The RFI aims to identify innovative solutions that can enhance the efficiency of the RMF, streamline the approval process for operational capabilities, and improve cybersecurity resilience through methodologies such as artificial intelligence, automated risk assessments, and continuous monitoring. This initiative is vital for adapting to evolving cyber threats and ensuring the operational readiness of DoD systems. Interested parties must submit their responses electronically by July 24, 2025, to the designated contacts, with detailed information on current capabilities and best practices as outlined in the RFI documentation.

    Point(s) of Contact
    Leanne Condren
    leanne.m.condren.civ@mail.mil
    Files
    Title
    Posted
    RFI_RMF_Reform (002).pdf
    The Department of Defense (DoD) is issuing a Request for Information (RFI) to gather industry insights on revamping its Risk Management Framework (RMF). The RMF is critical for managing cybersecurity risks but is perceived as inefficient. The RFI seeks innovative solutions that can streamline the approval process for operational capabilities while bolstering cybersecurity resilience. Key areas of interest include the use of artificial intelligence, automated risk assessments, and continuous monitoring mechanisms. Industry feedback is solicited on methodologies for integrating cybersecurity protections during system design, assessment, testing, and monitoring phases. The RFI emphasizes the importance of rapid integration, proactive cyber defense, and effective vulnerability management. Responses should provide detailed information on current capabilities, technical frameworks, and best practices, formatted according to specific guidelines. The due date for submissions is July 24, 2025, and firms must submit electronically to designated contacts. This initiative aligns with the DoD's commitment to adapt to evolving cyber threats and enhance the operational readiness of its systems.
    Lifecycle
    Title
    Type
    DoD CIO RFI for Risk Management Framework (RMF) Revamp
    Currently viewing
    Sources Sought
    Similar Opportunities
    Request for Information - Data at Rest
    Dept Of Defense
    The Department of Defense, through the Air Force Life Cycle Management Center (AFLCMC), is issuing a Request for Information (RFI) to identify sources capable of providing Commercial Solutions for Classified (CSfC) Dual Data at Rest (DAR) capabilities for Tactical Air Control Party Modernization (TACP-M) Core Computers. The objective is to enhance operational security by ensuring that classified data is properly sanitized when computers are powered off or logged out, thereby allowing them to be considered unclassified and mitigating logistical and operational security concerns during travel and field operations. The proposed solution requires a minimum hardware update to NVMe SSD hard drives (M.2 2280, TCG Opal compliant, 1 TB minimum) and a software update for full disk encryption, with compliance to NSA certification for Full Drive Encryption (FDE) and NIAP-approved collaborative protection profiles. Interested parties must submit their responses, including company data, product capabilities, rough cost estimates, and potential risks, by January 5, 2026. For further inquiries, contact Edwin Hernandez Mendez at edwin.hernandezmendez.2@us.af.mil or Denis Grenier at denis.grenier@us.af.mil.
    AI-Powered Software Development and Modernization
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is issuing a Request for Information (RFI) to identify sources capable of providing AI-powered software development and modernization solutions. The objective is to explore advanced capabilities in AI-assisted and fully autonomous coding practices for both new software development and the refactoring of existing applications built on platforms such as Salesforce, ServiceNow, and Outsystems. This initiative is crucial for modernizing critical applications and enhancing the software development lifecycle through innovative AI technologies. Interested parties must submit their responses by January 9, 2026, to the designated contacts, Melissa Mattis and Corey Collins, via the provided email addresses.
    RFI: HAF/A5 Advanced Wargaming and Simulation Technologies for Integrated Force Design
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is conducting a Request for Information (RFI) to identify U.S. vendors capable of providing advanced wargaming and simulation technologies for the Integrated Force Design initiative, known as the WarMatrix Ecosystem. The Air Force aims to transform its current capabilities by developing a digital system that enhances decision-making through advanced software, modeling and simulation (M&S), and Artificial Intelligence (AI), addressing existing challenges with outdated tools and disconnected systems. This initiative is crucial for achieving Decision Superiority and refining force design in future military campaigns. Interested vendors must submit capability briefs by January 9, 2026, at 2:00 PM EST, to Capt Richard Snyder at richard.snyder.12@us.af.mil, detailing their relevant technologies and experience.
    Department of the Air Force (DAF) Identity, Credential, and Access Management (ICAM) Enterprise III, Request For Information (RFI)
    Dept Of Defense
    The Department of the Air Force (DAF) is seeking a qualified vendor to provide comprehensive services for its Identity, Credential, and Access Management (ICAM) Enterprise III program, as outlined in a Request for Information (RFI). The procurement aims to identify a single vendor capable of managing platform operations, sustainment, and enhancement of the DAF ICAM platform, which is critical for onboarding over 3,300 applications and supporting a user base of over 750,000 personnel and millions of non-person entities. This initiative is part of a broader cybersecurity transformation to transition to a Zero Trust Architecture, aligning with the Department of Defense's Digital Modernization Strategy. Interested parties must submit their responses by January 6, 2026, and can direct inquiries to Kurtavius Brown at kurtavius.brown@us.af.mil or Darnita McBride at darnita.mcbride@us.af.mil.
    Request for Information: Collaborative Integrated Air and Missile Defense requirements
    Dept Of Defense
    The Department of Defense, through the Naval Information Warfare Systems Command (NAVWAR), is seeking industry input for the Collaborative Integrated Air and Missile Defense (IAMD) Planning Program. This Request for Information (RFI) aims to gather innovative software solutions, particularly those utilizing Artificial Intelligence (AI), to enhance IAMD planning capabilities for the U.S. Navy, including mission analysis, Course of Action (COA) development, and execution transition. The information collected will support the development, prototyping, production, and sustainment of software solutions that integrate with existing Navy systems. Interested parties are invited to submit white papers detailing their solutions and strategies by November 3, 2025, and may contact Rachel Jimenez at rachel.r.jimenez5.civ@us.navy.mil or Christopher Auen at christopher.d.auen.civ@us.navy.mil for further inquiries.
    SAF/CDM FENCES Requirement
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is seeking information regarding the SAF/CDM FENCES requirement, which aims to provide secure cloud computing services through a Platform-as-a-Service (PaaS) supported by Infrastructure-as-a-Service (IaaS) for Special Access Program (SAP) customers. The initiative focuses on enabling these customers to access multiple commercial cloud capabilities in a manner that complies with Department of Defense policies and guidelines, ensuring high availability, scalability, and cybersecurity. Interested parties are encouraged to respond to the Request for Information (RFI) by January 5, 2026, addressing specific questions related to contract strategy and technical requirements. For further inquiries, contact Christina Fernandez at christina.fernandez@us.af.mil or Agatha Hebbe at agatha.hebbe@us.af.mil.
    Protecting Army Modernization and Supply Chains- Commercial Solutions Opening (CSO)
    Dept Of Defense
    The Department of Defense, through the Army Contracting Command, is seeking innovative solutions to enhance cybersecurity within the Defense Industrial Base (DIB) as part of the Protecting Army Modernization and Supply Chains initiative. This opportunity invites proposals for automated cybersecurity measures that comply with critical standards such as NIST controls and Cybersecurity Maturity Model Certification (CMMC), aimed at supporting small businesses in mitigating cyber threats while ensuring the protection of intellectual property and secure access. The initiative is crucial for safeguarding defense technologies and ensuring the rapid delivery of military capabilities, with submissions accepted until March 6, 2030. Interested parties can contact the Army NCODE Team at usarmy.apg.acc.mbx.dc3oe-ncode-cso@army.mil for further information.
    FUTURE J-BOOKS PLATFORM
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is conducting market research for the development of a modernized Artificial Intelligence (AI) enabled Congressional Justification Books (J-Books) platform. This initiative aims to replace four legacy systems (IDECS, EAS, AF MIDAS, and KDSS) by automating the manual process of creating J-Books through the integration of AI capabilities, including Large Language Models (LLMs) and Corporate Performance Management (CPM) platforms, while ensuring compliance with DoD cloud security requirements. Interested contractors with expertise in AI-enabled financial systems, cloud architecture, and cybersecurity are invited to respond to the Request for Information (RFI) by January 6, 2026, with detailed descriptions of their relevant experience and project references. For further inquiries, potential respondents can contact Douglas Miller at douglas.miller.36@us.af.mil or Daniel Berens at daniel.berens@us.af.mil.
    FA830726RB013 - Hashi-Corp RFI
    Dept Of Defense
    The Department of Defense, specifically the Air Force Life Cycle Management Center (AFLCMC), is issuing a Request for Information (RFI) regarding Hashi-Corp licenses and alternative software solutions aimed at enhancing the security and compliance of software development within the United States Air Force (USAF). The primary objective is to identify commercial software products and services that can facilitate the creation and maintenance of software threat models, secure code, and protected storage for sensitive information in a cloud environment. This initiative is critical for ensuring the security of Platform One (P1) systems and mitigating risks associated with unauthorized access to sensitive resources. Interested vendors are required to submit their responses using the provided Requirements Capability Sheet, detailing their software options, associated costs, and capabilities, with submissions directed to the Platform One License Management Team at aflcmc.hncx.p1licensemanagement@us.af.mil or to the Contracting Officer, Major Jamail Walker, at aflcmc.hnckp.platformonectr@us.af.mil. This RFI is for planning purposes only, and the government reserves the right to make no award.
    RFI - Enhanced Data Rate (SEDR) Waveform onto Operational Radios
    Dept Of Defense
    The Department of Defense, specifically the Air Force Life Cycle Management Center (AFLCMC), is seeking qualified vendors to port the Enhanced Data Rate (SEDR) waveform onto operational software-defined radios. This Request for Information (RFI) aims to identify vendors with the necessary expertise to implement the SEDR waveform, which includes obtaining required certifications such as NSA Type-1 for COMSEC and ensuring airworthiness and security compliance. The successful integration of this technology is crucial for enhancing communication capabilities within military operations. Interested parties must submit a Statement of Interest by December 19, 2025, detailing their qualifications and technical experience, while questions regarding the RFI are due by November 21, 2025. For further inquiries, vendors can contact Aidan Nugent at aidan.nugent@us.af.mil or Alexandra Hutchinson at Alexandra.Hutchinson.1@us.af.mil.