Developed by Fathom5, in support of Naval Sea Systems Command, ASAP is an approved implementation of the Risk Management Framework (RMF) to shorten timelines for cybersecurity authorization while increasing cybersecurity engineering rigor. ASAP enables the rapid and continuous delivery of mission critical software at the speed of relevance by adapting current RMF business rules to modern Development, Security, and Operations (DevSecOps). The ASAP framework includes implementation principles, guidelines, requirements, and workflows.

ASAP key components:

• Tactical Edge Ecosystem – The complete collection of information systems involved in the development, sustainment, and production environments for a software product
• Criteria for Continuous Delivery (CfCD) – Requirements, guidance, and thresholds for continuous delivery of secure software
• Software Factory – The part of the Tactical Edge Ecosystem involved in the development, testing, verification, and delivery stages of a software product's lifecycle
• Edge Production Environment - Operational system where software developed in the Software Factory is deployed
• Certificate to Ship (CtS) – RMF authorization for software based on its security posture