DoD CIO RFI for Risk Management Framework (RMF) Revamp
ID: CIORFIRMFRevamp001Type: Sources Sought
Overview

Buyer

DEPT OF DEFENSEWASHINGTON HEADQUARTERS SERVICES (WHS)WASHINGTON HEADQUARTERS SERVICESWASHINGTON, DC, 203011000, USA

Original Source

https://sam.gov/opp/8b41e0377f454c93b843498dd599b2c3/view
Timeline
    Description

    The Department of Defense (DoD) is issuing a Request for Information (RFI) to gather insights on revamping its Risk Management Framework (RMF), a critical component for managing cybersecurity risks. The RFI aims to identify innovative solutions that can enhance the efficiency of the RMF, streamline the approval process for operational capabilities, and improve cybersecurity resilience through methodologies such as artificial intelligence, automated risk assessments, and continuous monitoring. This initiative is vital for adapting to evolving cyber threats and ensuring the operational readiness of DoD systems. Interested parties must submit their responses electronically by July 24, 2025, to the designated contacts, with detailed information on current capabilities and best practices as outlined in the RFI documentation.

    Point(s) of Contact
    Leanne Condren
    leanne.m.condren.civ@mail.mil
    Files
    Title
    Posted
    RFI_RMF_Reform (002).pdf
    The Department of Defense (DoD) is issuing a Request for Information (RFI) to gather industry insights on revamping its Risk Management Framework (RMF). The RMF is critical for managing cybersecurity risks but is perceived as inefficient. The RFI seeks innovative solutions that can streamline the approval process for operational capabilities while bolstering cybersecurity resilience. Key areas of interest include the use of artificial intelligence, automated risk assessments, and continuous monitoring mechanisms. Industry feedback is solicited on methodologies for integrating cybersecurity protections during system design, assessment, testing, and monitoring phases. The RFI emphasizes the importance of rapid integration, proactive cyber defense, and effective vulnerability management. Responses should provide detailed information on current capabilities, technical frameworks, and best practices, formatted according to specific guidelines. The due date for submissions is July 24, 2025, and firms must submit electronically to designated contacts. This initiative aligns with the DoD's commitment to adapt to evolving cyber threats and enhance the operational readiness of its systems.
    Lifecycle
    Title
    Type
    DoD CIO RFI for Risk Management Framework (RMF) Revamp
    Currently viewing
    Sources Sought
    Similar Opportunities
    RFI: HAF/A5 Advanced Wargaming and Simulation Technologies for Integrated Force Design
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is conducting a Request for Information (RFI) to identify U.S. vendors capable of providing advanced wargaming and simulation technologies for the Integrated Force Design initiative, known as the WarMatrix Ecosystem. The Air Force aims to transform its current capabilities by developing a digital system that enhances decision-making through advanced software, modeling and simulation (M&S), and Artificial Intelligence (AI), addressing existing challenges with outdated tools and disconnected systems. This initiative is crucial for achieving Decision Superiority and refining force design in future military campaigns. Interested vendors must submit capability briefs by January 9, 2026, at 2:00 PM EST, to Capt Richard Snyder at richard.snyder.12@us.af.mil, detailing their relevant technologies and experience.
    Department of the Air Force (DAF) Identity, Credential, and Access Management (ICAM) Enterprise III, Request For Information (RFI)
    Dept Of Defense
    The Department of the Air Force (DAF) is seeking a qualified vendor to provide comprehensive services for its Identity, Credential, and Access Management (ICAM) Enterprise III program, as outlined in a Request for Information (RFI). The procurement aims to identify a single vendor capable of managing platform operations, sustainment, and enhancement of the DAF ICAM platform, which is critical for onboarding over 3,300 applications and supporting a user base of over 750,000 personnel and millions of non-person entities. This initiative is part of a broader cybersecurity transformation to transition to a Zero Trust Architecture, aligning with the Department of Defense's Digital Modernization Strategy. Interested parties must submit their responses by January 6, 2026, and can direct inquiries to Kurtavius Brown at kurtavius.brown@us.af.mil or Darnita McBride at darnita.mcbride@us.af.mil.
    Request for Information: Collaborative Integrated Air and Missile Defense requirements
    Dept Of Defense
    The Department of Defense, through the Naval Information Warfare Systems Command (NAVWAR), is seeking industry input for the Collaborative Integrated Air and Missile Defense (IAMD) Planning Program. This Request for Information (RFI) aims to gather innovative software solutions, particularly those utilizing Artificial Intelligence (AI), to enhance IAMD planning capabilities for the U.S. Navy, including mission analysis, Course of Action (COA) development, and execution transition. The information collected will support the development, prototyping, production, and sustainment of software solutions that integrate with existing Navy systems. Interested parties are invited to submit white papers detailing their solutions and strategies by November 3, 2025, and may contact Rachel Jimenez at rachel.r.jimenez5.civ@us.navy.mil or Christopher Auen at christopher.d.auen.civ@us.navy.mil for further inquiries.
    Battle Management and Mission Autonomy (BMMA) Software Platforms
    Dept Of Defense
    The Department of Defense, specifically the Army Contracting Command at Aberdeen Proving Ground, is seeking information on Battle Management and Mission Autonomy (BMMA) Software Platforms through a Request for Information (RFI). The objective is to gather insights on software solutions that support Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance, and Reconnaissance (C5ISR) capabilities, focusing on mission autonomy for unmanned systems, multi-domain command and control, and sensor fusion. This initiative is crucial for enhancing operational effectiveness in military missions, leveraging advanced technologies such as edge AI and real-time data fusion. Interested vendors must submit their responses by December 15, 2025, and direct any inquiries to Kristin Height or Robin Delossantos via email by December 8, 2025.
    Protecting Army Modernization and Supply Chains- Commercial Solutions Opening (CSO)
    Dept Of Defense
    The Department of Defense, through the Army Contracting Command, is seeking innovative solutions to enhance cybersecurity within the Defense Industrial Base (DIB) as part of the Protecting Army Modernization and Supply Chains initiative. This opportunity invites proposals for automated cybersecurity measures that comply with critical standards such as NIST controls and Cybersecurity Maturity Model Certification (CMMC), aimed at supporting small businesses in mitigating cyber threats while ensuring the protection of intellectual property and secure access. The initiative is crucial for safeguarding defense technologies and ensuring the rapid delivery of military capabilities, with submissions accepted until March 6, 2030. Interested parties can contact the Army NCODE Team at usarmy.apg.acc.mbx.dc3oe-ncode-cso@army.mil for further information.
    Request for Information (RFI) for Passive Defense Solutions
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, has issued a Request for Information (RFI) for passive defense solutions aimed at countering threats posed by Group 1-3 Unmanned Aerial Systems (UAS) to USAF assets. The Air Force is seeking industry input on solutions that utilize Camouflage, Concealment, Deception, and Hardening (CC&D+H) measures, with an emphasis on low-cost, user-friendly, and rapidly deployable options that can integrate with existing systems. These solutions are critical for enhancing the protection of Air Force assets by reducing spectral and visual signatures while ensuring operational continuity. Interested vendors are required to submit a five-page response detailing their company overview, proposed solutions, technical approaches, performance data, and cost/schedule by December 22, 2025, at 1600 EST. For further inquiries, vendors may contact Timothy Overby at timothy.overby.1@us.af.mil or Jennifer Judkins at jennifer.judkins@us.af.mil.
    FUTURE J-BOOKS PLATFORM
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is conducting market research for the development of a modernized Artificial Intelligence (AI) enabled Congressional Justification Books (J-Books) platform. This initiative aims to replace four legacy systems (IDECS, EAS, AF MIDAS, and KDSS) by automating the manual process of creating J-Books through the integration of AI capabilities, including Large Language Models (LLMs) and Corporate Performance Management (CPM) platforms, while ensuring compliance with DoD cloud security requirements. Interested contractors with expertise in AI-enabled financial systems, cloud architecture, and cybersecurity are invited to respond to the Request for Information (RFI) by January 6, 2026, with detailed descriptions of their relevant experience and project references. For further inquiries, potential respondents can contact Douglas Miller at douglas.miller.36@us.af.mil or Daniel Berens at daniel.berens@us.af.mil.
    Request for Information Trusted Partner Program
    Dept Of Defense
    The Department of Defense, specifically the U.S. Army Contracting Command-Aberdeen Proving Ground-Research Triangle Park (ACC-APG-RTP), is issuing a Request for Information (RFI) to identify academic institutions interested in participating in a Trusted Partner Program (TPP) to support the U.S. Army Combat Capabilities Development Command (DEVCOM) Army Research Laboratory (ARL). The RFI aims to gather market research on potential offerors capable of conducting basic scientific research and providing science, technology, and engineering support across eleven key technical fields, with an emphasis on interdisciplinary projects and the ability to handle sensitive information. Responses to this RFI are voluntary and will inform the potential establishment of a Multiple Award Indefinite Delivery/Indefinite Quantity (ID/IQ) contract, with submissions due by December 31, 2025. Interested parties should direct inquiries to Meaghan Pimsler at meaghan.l.pimsler.civ@army.mil.
    Theater Air Planning System of Sytems Dynamic Mission Replanning (TAP SoS DMR)
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is seeking industry solutions for the Theater Air Planning System of Systems Dynamic Mission Replanning (TAP SoS DMR) initiative. The primary objective is to automate the identification of Courses of Action (CoAs) for air operations replanning, enhancing the speed and effectiveness of mission execution by reducing reliance on human interactions. This initiative is critical as it addresses the complexities of modern battlespaces, enabling joint and coalition forces to operate seamlessly across multiple domains. Interested parties are invited to an Industry Day on June 16-17, 2025, at Hanscom AFB, MA, with responses to the Request for Information (RFI) due by June 30, 2025, at 5:00 PM ET. For further inquiries, contact Cody Sheehan at cody.sheehan@us.af.mil.
    Facilities Acquisitions for Restoration and Modernization (FARM) III
    Dept Of Defense
    The Department of Defense, specifically the Department of the Air Force, is seeking industry feedback through a Request for Information (RFI) for the Facilities Acquisitions for Restoration and Modernization (FARM) III program. The primary objective of this RFI is to gather insights on the government's acquisition strategy, particularly regarding the Highest Technically Rated Offeror (HTRO) source selection evaluation approach, and to discuss Joint Certification Program (JCP) certification requirements. This initiative is crucial for ensuring that the selected contractors possess the necessary technical capabilities and past performance to support Department of Defense installations effectively. Interested parties must submit their responses by 11:00 AM CST on December 19, 2025, via email to Robert Mosley and Andrew Waggoner, with proprietary information clearly marked.