The U.S. Army’s Communications-Electronics Command Software Engineering Center, or CECOM SEC, and the U.S. Military Academy at West Point have collaborated to evaluate the feasibility of the CECOM SEC-developed mapping between zero trust and the Pentagon’s Risk Management Framework, or RMF.
The Army said Thursday the testing sought to collect feedback on the mapping’s application.
Zero trust is a modern cybersecurity framework built on the “never trust, always verify” principle. RMF is a systematic structure that authorizes and manages risk in the Department of War’s systems.
Helping West Point Enhance Zero Trust Posture
According to the Army, the mapping developed by CECOM SEC helped USMA develop cybersecurity configurations, manage risk with a zero-trust mindset and prioritize zero-trust activities by focusing on relevant control correlation identifiers, or CCIs.
CCI is a unique identifier assigned to a specific security requirement and serves as a bridge between security control sets and compliance frameworks, enabling consistent mapping and tracking of individual security requirements across different standards.
CCIs are a key component of the Security Technical Implementation Guides and are maintained by the Defense Information Systems Agency.
The service branch said the approach provided West Point with a repeatable process for incorporating security concepts into established risk management practices and enabled the organization to determine its zero trust maturity while leveraging RMF compliance status.
Related Articles
The Federal Acquisition Regulatory Council on Thursday issued new model deviation text for four parts of the FAR as part of the Revolutionary FAR Overhaul, or RFO, initiative. In April, President Donald Trump signed an executive order directing his administration to amend FAR to streamline the federal procurement process and eliminate barriers to doing business with the government. The FAR Council released new text for Part 3 – Improper Business Practices and Personal Conflicts of Interest; Part 17 – Special Contracting Methods; Part 27 – Patents, Data, and Copyrights; and Part 45 – Government Property. These parts are open for
MITRE has released a report highlighting the need for the defense acquisition system, or DAS, to be more warfighter-centric to facilitate the delivery of capabilities that keep pace with the rapidly evolving battlefield conditions. The nonprofit corporation said Friday uniformed engineers and scientists should have sufficient acquisition training and authorities to rapidly innovate and address emerging problems at the tactical edge. Extreme Product Ownership MITRE cited U.S. Special Operations Command’s adoption of “Extreme Product Ownership,” an agile approach that focuses on users and value to reduce risks to development and combat operations. In the report, MITRE mentioned the 160 Special
The Department of Homeland Security Office of Inspector General has found significant weaknesses in the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Retention Incentive program, which was designed to help the agency attract and retain high-demand cybersecurity professionals. In an audit released Thursday, the OIG reported that CISA distributed more than $138 million between fiscal years 2020 and 2024 but failed to adequately target payments to mission-critical personnel. Instead, broad eligibility rules and weak oversight led to unauthorized back payments and retention incentives being awarded to employees who did not meet program requirements. The Potomac Officers Club’s 2025 Homeland Security Summit