A new CyberWorx design sprint aims to accelerate risk management processes to keep up with warfighter needs and modern DevOps — and industry partners are needed to help tackle the challenge.
The week-long #RMFNext sprint will take place April 9-13 at the Air Force Academy.
Industry participants and Air Force officials will work on finding a better way for mission owners to “effectively manage risk, make risk-informed cybersecurity investment decisions, and protect the crown jewels that enable successful execution of their core missions at modern cyber-velocities,” according to a news release issued by CyberWorx.
The question Air Force and industry partners plan to answer: “How might we accelerate the implementation of the Risk Management Framework (RMF) to a velocity more compatible with warfighter needs and modern DevOps methods for federal information systems including IT, [operational technology], and Platform IT?”
The sprint aims to design best options for implementing NIST 800-37, which provides guidelines for applying the Risk Management Framework to federal information systems.
The Risk Management Framework is a unified information security framework for the entire federal government, according to the Defense Security Service, which oversees the protection of U.S. and foreign classified information in the hands of industry.
RMF includes a process for integrating essential security and risk management activities into the development life cycle of critical information systems, according to a news release issued by the Center for Technology, Research and Commercialization.
The more agile approach to risk management is preferred because it is dynamic and flexible, according to the Defense Security Service.
“The greatest benefit of the new approach, beyond minimizing risk, is to streamline and speed up the entire process of managing the risks inherent in any development project,” according to C-TRAC’s news release.
“C-TRAC is looking for industry participants to bring their experience and expertise in risk-based decision making regarding the organizational information systems supporting their core missions and business functions and well as the implementation and integration of information security into the enterprise architecture and system development life cycle,” the CyberWorx news release added.
Industry professionals and subject matter experts interested in contributing to the design sprint should contact Ryan Winstead at firstname.lastname@example.org or 719-394-0600.