RFFR (Right Fit For Risk)

Federal cyber security requirement for OFFICIAL: Sensitive contracts.

RFFR requires federal subcontractors handling OFFICIAL: Sensitive data to meet Essential Eight Maturity Level 2 plus ASD ISM controls, validated by an IRAP-endorsed assessor. Annual reassessment typical.