Saturday, July 12, 2025
  • About us
    • Write for us
    • Disclaimer
    • Terms of use
    • Privacy Policy
  • RSS Feeds
  • Advertise with us
  • Contact us
DefenceTalk
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports
No Result
View All Result
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports
No Result
View All Result
DefenceTalk
No Result
View All Result
Home Defence & Military News Technology News Cybersecurity

Project Sentinel – The Army Announces Cybersecurity Risk Management Framework Reform

by Army News Service
February 21, 2020
in Cybersecurity, Technology News
2 min read
0
Project Sentinel – The Army Announces Cybersecurity Risk Management Framework Reform

Army Cybersecurity

14
VIEWS

The Army is launching Project Sentinel to adapt the current Risk Management Framework (RMF) process into a streamlined threat-informed risk decision process.

The Army adopted the Risk Management Framework in 2015. Since then, as has been the case in other Services, the process has been wrought with challenges including training, time to execute, number of controls, and resourcing. Focus on the process has been more compliance-based with little consideration to current threat information. During the past two years, the Army has made considerable progress in streamlining the RMF process to address Army priorities, and activated Army Futures Command with specific processes for testing tactical systems. In addition, the Army created a process in which rapid capability can be assessed quickly to address high-priority operational needs statements from the field. Now with lessons learned and experience using RMF over the past four years, the Army stands postured to pivot from compliance to a threat-informed risk management process.

Sentinel introduces the prioritization of cybersecurity controls based on current validated threats from authoritative sources, such as Critical Security Controls for Effective Cyber Defense published by the Center of Internet Security (formerly SANs Top 20). The publication identifies controls that address the vast majority of the most common attacks.

The project will also review Army Cyber Command (ARCYBER) threat trends as well as military intelligence from National Ground Intelligence Center and its Intelligence Community partners. The RMF control set can now be tailored to ensure these identified threats are addressed. By focusing on the “right” controls versus “all” the controls, the process becomes less cumbersome and less resource intensive, yet more focused on true cybersecurity risk management.

In addition to focusing on a threat-based risk framework, Sentinel will look to institute a risk threshold. While there is risk that the Army is able to assume or mitigate, there also is risk that needs to be addressed before authorization can be granted. Examples of risk above the threshold are the encryption of personally identifiable information, or monitoring on public facing websites. Examples of risk that the Army can assume or mitigate are vulnerabilities found on a closed or restricted network, or findings that are awaiting completion of documentation. With the adoption of a risk threshold, decisions for where to spend resources become apparent, necessary, and more precise. The cost to fix a cybersecurity finding above the threshold can be prioritized against other findings during an RMF assessment. In addition, the threshold can change with emerging threat information.

The project team will start defining and reviewing the threat resources and mapping validated threats to the RMF controls in Phase 1. Several pilots will be conducted over the next several months to inform the level of assurance we gain from identifying the right controls, making the right assessments, and reviewing the process as a whole. Phase I capability to be available in April-May 2020 timeframe.

Ultimately, cybersecurity is a team sport and this effort bears that axiom out. We have a group of outstanding, dedicated cybersecurity professionals from all over the Army coming together in support of this effort. The Sentinel team is comprised of representatives from the following organizations including: Army Forces Command; the Army Deputy Chief of Staff G-2; the Army National Guard; ARCYBER; Army Materiel Command; Army Test and Evaluation Command; Army Corps of Engineers; Army Reserve Command; Army Network Enterprise Technology Command; Program Executive Office Command, Control Communications-Tactical; and the Army Software Engineering Center.

I look forward to working as a team on this Army-wide effort to make meaningful change in how we execute cybersecurity.

Tags: cybersecuritynetwork securityproject sentinelRisk Managementsecurityus army
Previous Post

Nanoscience breakthrough: Probing particles smaller than a billionth of a meter

Next Post

Software-defined networking could get US Army’s data moving faster

Related Posts

Air Force Research Lab Announces MUOS Satellite Communications Testing in Antarctica

Trojan Horses in Space: Cyber Threats Hidden in Satellite Networks

April 8, 2025

Most of us like satellites. They power our televisions. Allow us to find our way home from anywhere on the...

Chatbot vs national security? Why DeepSeek is raising concerns

Chatbot vs national security? Why DeepSeek is raising concerns

February 17, 2025

Chinese AI chatbot DeepSeek upended the global industry and wiped billions off US tech stocks when it unveiled its R1...

Next Post
Software-defined networking could get US Army’s data moving faster

Software-defined networking could get US Army's data moving faster

Latest Defense News

Britain, Germany jointly developing missiles: ministers

Britain, Germany jointly developing missiles: ministers

May 17, 2025
Trump announces ‘full and immediate’ India-Pakistan ceasefire

Trump announces ‘full and immediate’ India-Pakistan ceasefire

May 10, 2025
Pakistan says Indian missiles strike air bases as conflict spirals

Pakistan says Indian missiles strike air bases as conflict spirals

May 10, 2025
J-10C fighter jet

Pakistan says India has brought neighbours ‘closer to major conflict’

May 9, 2025
North Korea fires multiple suspected cruise missiles

North Korea fires flurry of short-range ballistic missiles

May 9, 2025
China says ‘closely watching’ Ukraine situation after Russian attack

China vows to stand with Russia in face of ‘hegemonic bullying’

May 9, 2025

Defense Forum Discussions

  • The Russian-Ukrainian War Thread
  • Russian Navy Discussions and Updates
  • General Aviation Thread
  • Mass launch 40 fighterjets Anatolian Eagle exercise
  • European Union, member states and Agencies
  • Japan, Koreas, China and Taiwan regional issues
  • Russia - General Discussion.
  • Military Aviation News and Discussion
  • Germany
  • Indonesia: 'green water navy'
DefenceTalk

© 2003-2020 DefenceTalk.com

Navigate Site

  • Defence Forum
  • Military Photos
  • RSS Feeds
  • About us
  • Advertise with us
  • Contact us

Follow Us

No Result
View All Result
  • Home
  • Defense News
    • Defense & Geopolitics News
    • War Conflicts News
    • Army News
    • Air Force News
    • Navy News
    • Missiles Systems News
    • Nuclear Weapons
    • Defense Technology
    • Cybersecurity News
  • Military Photos
  • Defense Forum
  • Military Videos
  • Military Weapon Systems
    • Weapon Systems
    • Reports

© 2003-2020 DefenceTalk.com