The Department of the Air Force Chief Information Officer has published a paper explaining the ‘cyber cake‘ concept to provide a structured, transparent framework to achieve a stronger cybersecurity posture.
Table of Contents
FIPS Strategy as the Base
The Federal Information Processing Standards, or FIPS, strategy serves as the cyber cake’s base.
According to the concept paper, organizations should begin with FIPS to establish mandatory security standards for federal information systems and ensure a baseline of security to support broader cybersecurity strategies.
Risk Management Framework as the Platter
The National Institute of Standards and Technology’s Risk Management Framework, or RMF, serves as the platter, providing a structured approach that organizations can use to identify, evaluate and mitigate risks to protect information and systems.
The Cyber Cake’s 5 Layers
The 34-page document outlines the five layers of the cyber cake: the supply chain risk management, or SCRM, strategy; cybersecurity SCRM strategy, or C-SCRM; cyber resilience engineering framework, or CREF; zero trust strategy; and the MITRE Adversarial Tactics, Techniques and Common Knowledge, also known as the MITRE ATT&CK framework.
According to the concept paper, SCRM and RMF serve as the baseline frameworks, providing the key structure for the risk management and supply chain risk management practices that CREF and C-SCRM build on to address cybersecurity and resilience.
Meanwhile, CREF integrates principles from SCRM and RMF to help improve an organization’s ability to recover from cyber incidents.
The paper also cites other components of the cyber cake, including privacy; the NIST Secure Software Development Framework; controlled unclassified information; artificial intelligence and machine learning; and the NIST Cybersecurity Framework 2.0.
Related Articles
The United States’ review of the AUKUS security partnership is expected to conclude this fall, Axios reported Wednesday. Led by Pentagon policy chief Elbridge Colby, the review is examining how the trilateral agreement, which began under the Biden administration, aligns with the priorities of the Trump administration. Colby previously voiced skepticism over how U.S. resources are allocated under AUKUS, though he also said Washington should “do everything we can to make this work.” Learn about the latest AUKUS trilateral agreement developments at the Potomac Officers Club’s 2025 Navy Summit, where maritime leaders and Navy experts will address the most critical
The U.S. Army has issued an organization-wide memo to guide the optimization of systems critical to operations. Signed by Leonel Garciga, the service’s chief information officer and a two-time Wash100 winner, the Defense Business System, or DBS, Determination and Implementation Guidance offers clarifications, ensures accountability and enhances governance of the Army’s IT infrastructure. What Is DBS? A DBS is an IT system being used within the Department of Defense to support core business operations, including financial management, budgeting, planning, contracting, logistics, and human resources training and management. It does not cover systems that are utilized for military, intelligence and national
The Catalyst Accelerator has named the six small businesses that will participate in its directed energy and electromagnetic warfare cohort. From August to November, the cohort will meet every two weeks to collaborate with subject matter experts and engage with government and commercial navigators to build connections and develop technologies for the warfighter. The cohort, The Catalyst Accelerator’s 15th overall, is the first to be executed in partnership with the U.S. Space Force’s Space Security and Defense Program. “The Space Security and Defense Program is excited to see such a diverse set of technologies in the Electromagnetic Warfare and Directed