Cybersecurity evolves daily to counter ever-present threats posed by criminals, nation states, insiders and others. To address the changing threat landscape, the National Institute of Standards and Technology (NIST) periodically updates its Risk Management Framework (RMF), a standards-based, security-by-design process that all IT systems within DOD agencies must meet.
DOD and civilian agencies must implement the RMF to the best of their abilities. As an added precaution, federal contractors should be held to the same standards. Vigilance is required, as advanced persistent threats can gain a foothold on an agency’s network and remain undetected, sometimes accessing and stealing information for months or even years—and that poses a huge risk not only to the compromised organization…
