Quanterion has performed multiple Certification & Accreditation (C&A) efforts for DoD agencies under the recently adopted National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). The transition from the former DoD Information Assurance Certification and Accreditation Process (DIACAP) to the RMF has significantly complicated this process as a result of the defense community’s lack of familiarity with the RMF framework, the NIST security controls, and the new security categorization process. Quanterion’s domain expertise and community awareness have allowed us to provide invaluable support to organizations facing the challenge of an upcoming C&A.