Kathleen Hicks, deputy secretary of the Department of Defense and a 2024 Wash100 awardee, has issued a memorandum aimed at addressing issues associated with cybersecurity reciprocity and the Risk Management Framework.
According to the memo signed by Hicks on May 2, DOD should streamline and speed up the delivery of capabilities to warfighters by “maintaining our cybersecurity standards and leveraging reciprocity between system owners and authorizing officials.”
The deputy defense secretary noted that she expects “testing re-use and reciprocity to be implemented except when the cybersecurity risk is too great.”
The document directs DOD components to raise any RMF policy and cybersecurity reciprocity implementation issues to the department’s Office of the Chief Information Officer.
DOD CIO John Sherman cited the memo during his keynote at a symposium on Wednesday, according to a report by DefenseScoop.
“This is coming from the deputy secretary on down that reciprocity should be a default,” Sherman, a 2024 Wash100 Award recipient, told the publication.
“It should be the first choice as opposed to having to redo all the due diligence again. We’re trying to strike a balance in maintaining our [risk management framework-driven] cybersecurity, but to make sure that we are able to move more quickly and not have to basically check everyone’s homework,” he added.
Register here to attend the Potomac Officers Club’s 2024 Cyber Summit. Listen to cyber experts, government and industry leaders on June 6 as they discuss the latest trends and the dynamic role of cyber in the public sector.