Army Looks to Consolidate Security Controls for ‘Project Sentinel’ Risk Mgmt Effort

The U.S. Army has begun the first phase of a reform effort focused on implementing a risk management framework for assessing the cybersecurity of weapons and information technology systems, Federal News Network reported Friday.

The three-phase Project Sentinel seeks to incorporate the National Institute of Standards and Technology-developed RMF throughout a multiyear period. Phase one involves implementing security controls for individual systems, while the second increment revolves around establishing prioritized controls.

The Army aims to create an RMF working group that will consolidate security controls and reduce the amount from 1,900 to somewhere between 200 and 300 by April.

“It’s not about just reducing the controls that we’re really looking at, it’s identifying the right controls based on what we need,” said Nancy Kreidler, director of cybersecurity and information assurance under the Army CIO’s office. “One of the things that I want to ensure is that when we reduce this control set, it is the right controls and we can hold people accountable.”

Phase three of Project Sentinel is aimed at revising NIST security controls to make them clearer for assessors as well as other stakeholders.

You may also be interested in...

Paul Olexa

USAF Airman Paul Olexa Pitches Idea to Reduce Foreign Debris Threats

Paul Olexa, a 1st class airman from the U.S. Air Force, used his past experience as a factory manager to create a floor mat designed to reduce foreign object debris that threatens aircraft safety. Olexa pitched his “Mag Rug” idea as an entry to the Spark Tank competition that took place in October at Whiteman Air Force Base.