WASHINGTON — The Department of Defense unveiled a new five-phased framework for assessing cyber risks on its networks, dubbed the Cybersecurity Risk Management Construct (CSRMC), to replace its old risk management system.
“The previous Risk Management Framework was overly reliant on static checklists and manual processes that failed to account for operational needs and cyber survivability requirements. These limitations left defense systems vulnerable to sophisticated adversaries and slowed the delivery of secure capabilities to the field,” a statement from the department said. “The CSRMC addresses these gaps by shifting from ‘snapshot in time’ assessments to dynamic, automated, and continuous risk management, enabling cyber defense at the speed of relevance required for modern warfare.”
According to the statement, the new framework consists of a five-phase lifecycle aligned to system development and operations, along with ten foundational tenets.
The five-phased lifecycle includes:
- a design phase where security is embedded at the outset, ensuring resilience is built into system architectures;
- a build phase where secure designs are…