Welcome to the GNS Risk Management Framework BPA Site

The BPA is based on NIST 800-37 rev. 1 and offers services representing the key disciplines and functions required to attain and maintain authority to operate (ATO). Additionally, the BPA covers the evolving need for near real-time situational awareness and enterprise risk management via continuous monitoring, implementing automation, and ensuring IT/cyber security is an integral part of the system development lifecycle This task consists of 6 RMF Services.

How to Navigate Through This Site

This site presents extensive information on the contract and how to obtain these services. A summary of the contract services is provided below. For details click on our Statement of Work (SOW) in the document library. If you wish to determine which of the five tiers your system falls into, check out our Determining System Complexity Factor document also located in the document library. Use the Pricing file also in the document library for tier prices. For information on how to order any of our services please refer to the Ordering Instructions document in the document library. For any further questions refer to our Point of Contact.

Summary of Services

	Statement of Work - Task 1: Categorize Information System; - Task 2: Select Security Controls; - Task 3: Implement Security Controls; - Task 4: Assess Security Controls; - Task 5: Authorize Information System; - Task 6: Monitor Security Controls; and - Other Security Services.
	Please note that each of the task areas above have multiple sub-tasks that can be acquired separately or in combination. See SOW section for details.