The Defense Department has issued its first call to industry in a promised effort to “blow up” its implementation of the Risk Management Framework, the scheme the department uses to assess and certify the cybersecurity of its IT systems.
In a brief request for information published Tuesday, the department asked vendors for input on specific questions. Most questions deal with how other organizations design their systems with cybersecurity protections in mind, how they test and monitor them for threats and vulnerabilities on an ongoing basis, and how they manage cyber risks.
An informational graphic distributed to vendors together with the questions describes DoD’s overall objective as reforming its existing RMF process into one that “reimagines” cyber risk management. Officials said they’re aiming toward a “culture, mindset and process” that moves more quickly, “more effectively assesses and conveys risk and is less burdensome to cyber and acquisition professionals while ultimately providing operational combatant commanders with an accurate understanding of cyber risk to mission.”
DoD’s…