Skip to content

Continuous Delivery Risk Management Framework (CD-RMF) Playbook©

AKA THE C-ATO1 PLAYBOOK


Continuous Delivery Risk Management Framework (CD-RMF) Playbook © 2023 by Rise8, Inc. is licensed under CC BY-ND 4.0. This license requires that reusers give credit to the creator. It allows reusers to copy and distribute the material in any medium or format in unadapted form only, even for commercial purposes.

README: Please first read our Manifesto for a Continuous Delivery Risk Management Framework (CD-RMF)©. To advance that cause, we are making our internal playbook available to the entire govtech community.

This is v1, and we would love your feedback. We had to significantly modify our internal playbook to make it applicable to a wider audience, but we struggled to balance how deep to go on basics as well as how much of NIST documentation to rehash. Feedback there would be especially helpful.

In return for sharing this, we ask you to use it for good and contribute back to our playbook repo. Use it to communicate the benefits beyond just being able to ship software faster, but as a means to improve security and privacy outcomes while enabling continuous delivery. Get leaders to invest in continuous improvement of RMF.

When you do, share your new implementations, plays, automations, and lessons learned! While the terms of CC BY-ND 4.0 allow reusers to copy and distribute the material in unadapted form only, we will be creating a formal open source community around the playbook, and will provide ways for you to contribute to the material, be listed as a contributor, and make the community better. More to follow on that!

Together, we rise!


  1. We are proposing the term “cATO” no longer be used, see our Manifesto for a CD-RMF