Army Looks to Consolidate Security Controls for ‘Project Sentinel’ Risk Mgmt Effort

The U.S. Army has begun the first phase of a reform effort focused on implementing a risk management framework for assessing the cybersecurity of weapons and information technology systems, Federal News Network reported Friday.

The three-phase Project Sentinel seeks to incorporate the RMF developed by the National Institute of Standards and Technology over a multiyear period. Phase one involves implementing security controls for individual systems, while phase two revolves around establishing prioritized controls.

The Army aims to create an RMF working group that will consolidate security controls and reduce their number from 1,900 to somewhere between 200 and 300 by April.

“It’s not about just reducing the controls that we’re really looking at, it’s identifying the right controls based on what we need,” said Nancy Kreidler, director of cybersecurity and information assurance under the Army CIO’s office. “One of the things that I want to ensure is that when we reduce this control set, it is the right controls and we can hold people accountable.”

Phase three of Project Sentinel is aimed at revising NIST security controls to make them clearer for assessors as well as other stakeholders.
