In a move aimed at streamlining cybersecurity practices within the Department of Defense (DoD), Chief Information Officer John Sherman announced the issuance of a new memorandum during his keynote address at the GEOINT Symposium. The memo, titled “Resolving Risk Management Frameworks and Cybersecurity Reciprocity Issues,” was approved by Deputy Secretary of Defense Kathleen Hicks and focuses on improving the efficiency of the authority to operate (ATO) process, which has been a point of contention among industry leaders.
The newly released guidance addresses the critical need for “testing for reuse and reciprocity” in risk management decisions across the Department of Defense and emphasizes a more collaborative approach to cybersecurity. This initiative will enable federal agencies to leverage proactive assessments from both internal and external organizations, and is expected to significantly reduce costs and delays associated with validating and operating IT systems on defense networks.
Deputy Secretary Hicks' directive requires all policy and implementation issues related to the Risk Management Framework (RMF) to be escalated directly to Mr. Sherman and his office. The move is part of a broader effort to more effectively manage cybersecurity risks and deliver technological capabilities to warfighters without unnecessary delays.
“DoD components may request assistance from the DoD CIO regarding reciprocity and other RMF policy, guidance, and resolution of technical issues by contacting the RMF Technical Advisory Group Office,” Hicks stated in the memorandum. This step is intended to centralize and quickly resolve any issues that arise with the implementation of these new procedures.
In his speech, Mr. Sherman acknowledged recent industry feedback on the cumbersome ATO process and emphasized the importance of this initiative. “Just this morning, I saw some people talking about this on LinkedIn. And I want to let you all know that we are hearing you loud and clear on this within the Department of Defense. I’m not saying this will solve everything, but it will help a little bit,” he explained to the audience.
The Department of Defense's efforts to refine its risk management and cybersecurity strategies are a clear response to the defense sector's evolving needs, particularly to accelerate the deployment of innovative technologies critical to national security. This policy update will foster agility and collaboration within the Department and ultimately strengthen America's defense capabilities in the digital age.