The Department of the Air Force Chief Information Officer has published a paper explaining the ‘cyber cake‘ concept to provide a structured, transparent framework to achieve a stronger cybersecurity posture.
Table of Contents
FIPS Strategy as the Base
The Federal Information Processing Standards, or FIPS, strategy serves as the cyber cake’s base.
According to the concept paper, organizations should begin with FIPS to establish mandatory security standards for federal information systems and ensure a baseline of security to support broader cybersecurity strategies.
Risk Management Framework as the Platter
The National Institute of Standards and Technology’s Risk Management Framework, or RMF, serves as the platter, providing a structured approach that organizations can use to identify, evaluate and mitigate risks to protect information and systems.
The Cyber Cake’s 5 Layers
The 34-page document outlines the five layers of the cyber cake: the supply chain risk management, or SCRM, strategy; cybersecurity SCRM strategy, or C-SCRM; cyber resilience engineering framework, or CREF; zero trust strategy; and the MITRE Adversarial Tactics, Techniques and Common Knowledge, also known as the MITRE ATT&CK framework.
According to the concept paper, SCRM and RMF serve as the baseline frameworks, providing the key structure for the risk management and supply chain risk management practices that CREF and C-SCRM build on to address cybersecurity and resilience.
Meanwhile, CREF integrates principles from SCRM and RMF to help improve an organization’s ability to recover from cyber incidents.
The paper also cites other components of the cyber cake, including privacy; the NIST Secure Software Development Framework; controlled unclassified information; artificial intelligence and machine learning; and the NIST Cybersecurity Framework 2.0.
Related Articles
The Office of the Director of National Intelligence has appointed Tidal “Ty” McCoy II, most recently a principal at Nexfed, as intelligence community chief financial officer. McCoy announced his appointment at ODNI in a LinkedIn post published Tuesday. Hear experts discuss the latest tech advancements, trends and opportunities facing the IC at the Potomac Officers Club’s 2025 Intel Summit on Oct. 2. Reserve your spot now! Who Is Tidal McCoy? In 2022, McCoy joined strategy consulting firm Nextfed as a vice president. At Nexfed, he led the firm’s intelligence and acquisition strategy practice and played a key role in mergers
The National Science Foundation has launched an initiative to invest up to $100 million in a national network of artificial intelligence-enabled programmable cloud laboratories as part of efforts to advance automated science and engineering and drive discoveries and innovation. NSF said Tuesday the Directorate for Technology, Innovation and Partnerships, or TIP, will lead the NSF Test Bed: Toward a Network of Programmable Cloud Laboratories, or NSF PCL Test Bed. “The idea of a national network of programmable cloud laboratories builds on NSF’s longstanding legacy of transformative investments — such as NSFNET decades ago — that paved the way for the modern
Sens. Jeanne Shaheen, D-N.H.; Maggie Hassan, D-N.H.; Susan Collins, R-Maine; and Angus King, I-Maine have proposed legislation that would spare the Navy’s four public shipyards from workforce reductions. Called the Protecting Public Naval Shipyards Act, the bipartisan bill tells the Department of Defense to exempt certain positions at public shipyards from hiring freezes and layoffs to ensure that nuclear-powered submarine maintenance and overhaul are uninterrupted. “This bipartisan bill will ensure that important naval operations continue without disruption by exempting public shipyard employees from the chaotic mass firings, workforce reductions, and hiring freezes directed by the Trump Administration,” said Hassan. Top