The Office of the Department of Defense Chief Information Officer has begun soliciting input from cybersecurity experts, innovators and industry stakeholders to help update the Risk Management Framework as part of efforts to improve cyber resilience, accelerate the deployment of secure technologies and enhance risk assessment across DOD.
According to a request for information published Tuesday, responses are due July 24.
Risk Management Framework Revamp RFI
According to the RFI, the Office of the DOD CIO aims to identify emerging technologies, operational methodologies and best practices to address redundant compliance efforts, streamline cybersecurity risk assessment and improve reciprocity across the department’s components.
Key areas of interest include AI-driven cybersecurity tools, continuous monitoring platforms, proactive cyber defense mechanisms, security control inheritance, artifact reuse, security testing frameworks and risk assessment models that support the rapid integration of automation, monitoring and active threat mitigation within cybersecurity programs.
The government expects industry responses to inform policy adjustments, improve the department’s cybersecurity posture and optimize risk management strategies to ensure the delivery of mission-critical capabilities to warfighters.
Requested Information to Support RMF Overhaul
The DOD CIO is asking interested stakeholders to provide a detailed overview of the tools and methodologies used by their organizations for continuous monitoring, system testing, penetration testing and vulnerability remediation.
Respondents can also explain how cybersecurity assessment and mitigation tools integrate automation technologies to improve threat mitigation, risk identification and cybersecurity resilience.
The office also wants information on risk assessment algorithms that could perform near-real-time risk calculations on large data sets.
