The Defense Department’s transition to the Risk Management Framework has helped streamline the secure integration of information technology systems and applications into the DoD network, FierceGovernmentIT reported Wednesday.
Dibya Sarkar writes that contractors and military users found the previous DoD Information Assurance Certification and Accreditation Process challenging in terms of complexity, flexibility, efficiency and effectiveness.
“RMF brings DoD-specific methods in line with other, governmentwide standards such as the Federal Information Security Management Act,” Essye Miller, director of cybersecurity in the U.S. Army’s Office of the Chief Information Officer, told the publication.
“This will put us more on common terms with very common requirements to help us get through the process a bit quicker.”
The report said DoD’s implementation of the National Institute of Standards and Technology’s risk-focused framework helps protect the department’s IT assets throughout their lifecycle by building on the agility to update security controls.
Miller added that RMF also helps identify potential vulnerabilities to guide investment decisions.
“[We’ve] got more flexibility again to assess the impact before stopping the process and help us make a more informed, risk-based decision versus a process compliance-based decision,” she said.