The cybersecurity risk management construct is here. Now comes the hard part

COMMENTARY: Talk to anyone who has deployed technology that meets the U.S. Department of Defense’s cybersecurity standards, and they’ll tell you the same thing: Compliance is a pain.

Why? It’s manual, takes too long and costs too much. Every deployment is different, requiring you to start from scratch each time. And above all, the whole process diverts too much of technologists’ time and attention toward bureaucratic box-checking, when it could’ve been applied to problem solving and innovation.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

There’s no question — the certification and accreditation process needs to improve. As an engineer who muddled through Authorization to Operate (ATO) for IT infrastructure in the intelligence community, I’m just one of many who have shouted, “There has to be a better way.”

It seems Pentagon technology leaders finally heard us. After declaring that they will be “blowing up” the Risk Management Framework (RMF), the Department of Defense recently released the Cybersecurity Risk Management Construct (CRMC). The moment for…
