Army Looks to Consolidate Security Controls for ‘Project Sentinel’ Risk Mgmt Effort

The U.S. Army has begun the first phase of a reform effort focused on implementing a risk management framework for assessing the cybersecurity of weapons and information technology systems, Federal News Network reported Friday.

The three-phase Project Sentinel seeks to incorporate the National Institute of Standards and Technology-developed RMF over a multiyear period. Phase one involves implementing security controls for individual systems, while the second increment revolves around establishing prioritized controls.

The Army aims to create an RMF working group that will consolidate security controls and reduce their number from 1,900 to somewhere between 200 and 300 by April.

“It’s not about just reducing the controls that we’re really looking at, it’s identifying the right controls based on what we need,” said Nancy Kreidler, director of cybersecurity and information assurance under the Army CIO’s office. “One of the things that I want to ensure is that when we reduce this control set, it is the right controls and we can hold people accountable.”

Phase three of Project Sentinel is aimed at revising NIST security controls to make them clearer for assessors as well as other stakeholders.
