Army looks to retool risk management — FCW

0
174

Defense

Army looks to retool risk management

secure chip (Virgiliu Obada/Shutterstock.com) 

The Army is retooling its risk management approach to better fit operational needs.

According to Col. Donald Bray, the Army’s acting cyber director, the Defense Department’s risk management framework (RMF) guidance was less about removing all traces of risk and more about learning how to carry and cope with residual risk after mitigation.

“We’ve always been allowed, in the policy, to tailor it for our operations,” Bray told FCW on the sidelines of a May 22 conference hosted by AFCEA. “And we’re just at that point where we’re really looking at how to optimize, how to select which controls really apply to us, how to…not redo work, and how to tie that into operations so that we can continue monitoring that.”

Shifting the Army’s RMF strategy is a major cybersecurity priority for Army CIO Bruce Crawford, and tweaking it over the next few months will be an important challenge, Bray said.

Three years in, the Army and DOD are “now is the point where everybody should be moving RMF,” Bray said.

Read More…