Particle.news

Pentagon Unveils Cybersecurity Risk Management Construct to Replace Risk Framework

Outside experts questioned whether the new construct delivers substantive change, citing missing metrics and supply‑chain details.

Overview

  • The Cybersecurity Risk Management Construct (CSRMC) replaces the prior checklist‑driven Risk Management Framework with a shift to automated, continuous risk management.
  • CSRMC organizes cybersecurity into five phases aligned to system lifecycles: Design, Build, Test, Onboard, and Operations.
  • Ten stated tenets include automation, critical controls, continuous monitoring and continuous authorization to operate (ATO), DevSecOps, cyber survivability, training, enterprise services and inheritance, operationalization, reciprocity, and cybersecurity assessments.
  • Department leadership presented the move as a cultural shift to enable real‑time defense and mission assurance across warfighting domains.
  • Analysts questioned whether the approach goes beyond rebranding, flagging the absence of quantifiable survivability metrics, limited supply‑chain remedies, and risks from granting service providers real‑time disconnect authority.