The U.S. Army is overhauling its cybersecurity policy with a new directive signed by Army Chief Information Officer (CIO) Leo Garciga last week that aims to streamline the service’s implementation of its Risk Management Framework (RMF).
The Army’s RMF 2.0, launched in April 2022, aimed to operationalize the risk management process by prioritizing threat-based controls, leveraging inheritance, and providing automation tools to reduce labor-intensive tasks and streamline assessments. The RMF also set the stage for systems to transition into Continuous Monitoring, an initiative that has been a key focus for the Pentagon.
However, despite the implementation of the RMF, “challenges remain with efficiency and addressing the continuous evolving intel-based threats posing real risks to the Army terrain,” the CIO’s memo reads.
According to the memo, the way forward is a “reset” of the Army’s approach to the RMF. Additionally, the memo calls for an update in the Army’s approach to continuous monitoring and security controls.
“This memorandum removes the Army-wide deadline for systems to enter Continuous Monitoring … authorizing officials will work with…