The U.S. Army has begun the first phase of a reform effort focused on implementing a risk management framework for assessing the cybersecurity of weapons and information technology systems, Federal News Network reported Friday.
The three-phase Project Sentinel seeks to incorporate the RMF developed by the National Institute of Standards and Technology over a multiyear period. Phase one involves implementing security controls for individual systems, while phase two revolves around establishing prioritized controls.
The Army aims to create an RMF working group that will consolidate security controls and reduce their number from 1,900 to somewhere between 200 and 300 by April.
“It’s not about just reducing the controls that we’re really looking at, it’s identifying the right controls based on what we need,” said Nancy Kreidler, director of cybersecurity and information assurance under the Army CIO’s office. “One of the things that I want to ensure is that when we reduce this control set, it is the right controls and we can hold people accountable.”
Phase three of Project Sentinel is aimed at revising NIST security controls to make them clearer for assessors as well as other stakeholders.