DoD: DoD CIO Cybersecurity Risk Management Construct (CSRMC) Strategic Tenets (2025)

Uploaded: 2025-09-25
STRATEGIC TENETS
Cybersecurity Assessments
Establish comprehensive cybersecurity assessment programs
that integrate threat-informed testing methodologies with
mission-aligned risk management processes.
Enterprise & Inheritance
Share security controls, policies, or risks to increase
adoption of proven frameworks, reduce compliance burdens,
and maintain operational consistency.
Critical Controls
Adhere to identified critical controls and adaptive
recovery strategies that strengthen defenses to ensure
operational continuity and protect sensitive assets.
Reciprocity
Accept each other's security assessments in order to reuse
system resources, and/or accept each other's assessed
security posture in order to share information.
Continuous Monitoring (CONMON), Control, and ATO
Provide real-time visibility into threats, vulnerabilities,
and compliance gaps through continuous monitoring.
DevSecOps
Integrate security and automation through
continuous development, testing, and deployment
to accelerate delivery safely.
Operationalization
Strengthen our defense against evolving threats through
threat detection, incident response, compliance
management, and proactive monitoring.
Cyber Survivability
Safeguard against cyber threats, disruptions, and
data breaches through strong encryption, multi-factor
authentication, continuous monitoring, and incident
response planning.
Training
Enhance the role-based training program for RMF practitioners to
ensure consistent performance, cybersecurity knowledge, and
standards.
Automation
Automate to enhance risk management by
streamlining processes, reducing human
error, and improving efficiency.
CLEARED
For Open Publication
Department of Defense
OFFICE OF PREPUBLICATION AND SECURITY REVIEW
Sep 23, 2025
Resource description:

[U.S. Department of Defense] [September 23, 2025] Released the "Cybersecurity Strategic Tenets". The purpose of the document is to guide the establishment of a comprehensive cybersecurity system, strengthening threat defense, ensuring operational continuity, and protecting sensitive assets. Its contents are: (1) establish comprehensive cybersecurity assessment programs that integrate threat-informed testing methodologies with mission-aligned risk management processes; (2) share security controls, policies, or risks to increase adoption of proven frameworks, reduce compliance burdens, and maintain operational consistency; (3) adhere to critical controls and adaptive recovery strategies that strengthen defenses, ensure operational continuity, and protect sensitive assets; (4) reciprocally accept security assessments to reuse system resources or recognize an assessed security posture in order to share information; (5) provide real-time visibility into threats, vulnerabilities, and compliance gaps through continuous monitoring; (6) integrate security and automation through DevSecOps for continuous development, testing, and deployment that accelerates delivery safely; (7) strengthen defense against evolving threats through threat detection, incident response, compliance management, and proactive monitoring; (8) guard against cyber threats, disruptions, and data breaches with strong encryption, multi-factor authentication, and related measures; (9) strengthen role-based training for RMF practitioners to ensure consistent performance, cybersecurity knowledge, and standards; (10) use automation to streamline processes, reduce human error, and improve the efficiency of risk management. The document concludes that these strategic tenets cover the key areas of cybersecurity assessment, sharing, control, and monitoring, providing comprehensive guidance for responding to evolving threats, and recommends implementing them to systematically improve cybersecurity defense capability.
