Army looks to retool risk management

secure chip (Virgiliu Obada/ 

The Army is retooling its risk management approach to better fit operational needs.

According to Col. Donald Bray, the Army's acting cyber director, the Defense Department’s risk management framework (RMF) guidance was less about removing all traces of risk and more about learning how to carry and cope with residual risk after mitigation.

"We've always been allowed, in the policy, to tailor it for our operations," Bray told FCW on the sidelines of a May 22 conference hosted by AFCEA. "And we're just at that point where we’re really looking at how to optimize, how to select which controls really apply to us, how to…not redo work, and how to tie that into operations so that we can continue monitoring that."

Shifting the Army's RMF strategy is a major cybersecurity priority for Army CIO Bruce Crawford, and tweaking it over the next few months will be an important challenge, Bray said.

Three years in, the Army and DOD are "now is the point where everybody should be moving RMF," Bray said.

The Army hosted a mini-conference on RMF earlier this year to kick-start the planning process at the leadership level in hopes of producing "more template" guidance throughout the organization, he said, noting that the current guidance doesn't work as well in certain areas.

"It works better for traditional IT," Bray said, but challenges emerge dealing with weapons systems and industrial control systems and property management systems.

The effort is expected to unfold over the next few years, Bray said, adding that a full implementation plan should come out this summer.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected