An official website of the United States government
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

In the News

News | Sept. 24, 2025

Department of War Announces New Cybersecurity Risk Management Construct

The Department of War (DoW) today announced the implementation of a groundbreaking Cybersecurity Risk Management Construct (CSRMC), a transformative framework to deliver real-time cyber defense at operational speed. This five-phase construct ensures a hardened, verifiable, continuously monitored, and actively defended environment to ensure that U.S. warfighters maintain technological superiority against rapidly evolving and emerging cyber threats.

Addressing Legacy Shortcomings

The previous Risk Management Framework was overly reliant on static checklists and manual processes that failed to account for operational needs and cyber survivability requirements. These limitations left defense systems vulnerable to sophisticated adversaries and slowed the delivery of secure capabilities to the field.

The CSRMC addresses these gaps by shifting from "snapshot in time" assessments to dynamic, automated, and continuous risk management, enabling cyber defense at the speed of relevance required for modern warfare.

The construct is composed of a five-phase lifecycle and ten foundational tenets.

The Five-Phase Lifecycle

The new construct organizes cybersecurity into five phases aligned to system development and operations:

  1. Design Phase – Security is embedded at the outset, ensuring resilience is built into system architecture.
  2. Build Phase – Secure designs are implemented as systems achieve Initial Operating Capability (IOC).
  3. Test Phase – Comprehensive validation and stress testing are performed prior to Full Operating Capability (FOC).
  4. Onboard Phase – Automated continuous monitoring is activated at deployment to sustain system visibility.
  5. Operations Phase – Real-time dashboards and alerting mechanisms provide immediate threat detection and rapid response.

Ten Foundational Tenets

The CSRMC is grounded in ten core principles:

  • Automation – driving efficiency and scale
  • Critical Controls – identifying and tracking the controls that matter most to cybersecurity
  • Continuous Monitoring and ATO – enabling real-time situational awareness to achieve constant ATO posture
  • DevSecOps – supporting secure, agile development and deployment
  • Cyber Survivability – enabling operations in contested environments
  • Training – upskilling personnel to meet evolving challenges
  • Enterprise Services & Inheritance – reducing duplication and compliance burdens
  • Operationalization – ensuring stakeholders near real-time visibility of cybersecurity risk posture
  • Reciprocity – reuse assessments across systems
  • Cybersecurity Assessments – integrating threat-informed testing to validate security

Delivering Cybersecurity at the Speed of War

By institutionalizing this construct across the Department, the DoW is ensuring cyber survivability and mission assurance in every domain: air, land, sea, space, and cyberspace.

"This construct represents a cultural shift in how the Department approaches cybersecurity," said Katie Arrington, performing the duties of the DoW CIO. "With automation, continuous monitoring, and resilience at its core, the CSRMC empowers the DoW to defend against today's adversaries while preparing for tomorrow's challenges."

For more information on the Cyber Security Risk Management Construct, click here.

For more information on the CSRMC Strategic Tenets, click here.

Related Press Advisories

Original Story

Social Media Feed

Twitter
Hon. Kirsten Davies, DoW CIO, testifying before the Senate Armed Services Committee Cybersecurity Subcommittee on March 24th discussing Pillar 2: Agile Digital Capabilities of the @DeptofWar strategy to make our Warfighters the most lethal in the world and support @SecWar https://t.co/1saxyXrsxY Hon. Kirsten Davies, DoW CIO, testifying before the Senate Armed Services Committee Cybersecurity Subcommittee on March 24th discussing Pillar 2: Agile Digital Capabilities of the @DeptofWar strategy to make our Warfighters the most lethal in the world and support @SecWar https://t.co/1saxyXrsxY
Twitter
During her testimony before the Senate Armed Services Committee Cybersecurity Subcommittee on March 24, Hon. Davies, United States Department of War CIO, outlined a strategy for transformation that supports Secretary Hegseth's Arsenal of Freedom and the National Defense Strategy. https://t.co/2olJlWXt44 During her testimony before the Senate Armed Services Committee Cybersecurity Subcommittee on March 24, Hon. Davies, United States Department of War CIO, outlined a strategy for transformation that supports Secretary Hegseth's Arsenal of Freedom and the National Defense Strategy. https://t.co/2olJlWXt44
Twitter
IMPORTANT REMINDER Applications for the 2025-2026 DoW Cyber Workforce Rotational Programs cohort are closing in ONE MONTH on April 24, 2026! Eligibility for this program is open to Department of War civilians, other federal agency civilians, and industry employees in https://t.co/GeajEDVTNM IMPORTANT REMINDER Applications for the 2025-2026 DoW Cyber Workforce Rotational Programs cohort are closing in ONE MONTH on April 24, 2026! Eligibility for this program is open to Department of War civilians, other federal agency civilians, and industry employees in https://t.co/GeajEDVTNM
Twitter
IMPORTANT REMINDER Applications for the 2025-2026 DoW Cyber Workforce Rotational Programs cohort are closing in ONE MONTH on April 24, 2026! Eligibility for this program is open to Department of War civilians, other federal agency civilians, and industry employees in the https://t.co/gahZHfIS7t IMPORTANT REMINDER Applications for the 2025-2026 DoW Cyber Workforce Rotational Programs cohort are closing in ONE MONTH on April 24, 2026! Eligibility for this program is open to Department of War civilians, other federal agency civilians, and industry employees in the https://t.co/gahZHfIS7t
Twitter
IMPORTANT REMINDER Applications for the 2025-2026 DoW Cyber Workforce Rotational Programs cohort are closing in ONE MONTH on April 24, 2026! Eligibility for this program is open to Department of War civilians, other federal agency civilians, and industry employees in https://t.co/JmV8N8nDwj IMPORTANT REMINDER Applications for the 2025-2026 DoW Cyber Workforce Rotational Programs cohort are closing in ONE MONTH on April 24, 2026! Eligibility for this program is open to Department of War civilians, other federal agency civilians, and industry employees in https://t.co/JmV8N8nDwj
Twitter
The @DeptofWar CIO is excited to invite government leaders, technical experts, mission partners, and industry collaborators to the 2026-1 US DOW Mission Partner Environment (MPE) Summit, 14-16 April 2026 in Fort Lauderdale, FL. We’ve partnered with the @DISADOD to host a https://t.co/976mSVptUb The @DeptofWar CIO is excited to invite government leaders, technical experts, mission partners, and industry collaborators to the 2026-1 US DOW Mission Partner Environment (MPE) Summit, 14-16 April 2026 in Fort Lauderdale, FL. We’ve partnered with the @DISADOD to host a https://t.co/976mSVptUb
Twitter
Proposals for the CAEO’s Aligned Skills Curriculum and Experiential Network Design Framework (ASCEND) Initiative are due in ONE WEEK! Winners receive a cash prize and mentorship from leading academics through the grant lifecycle. See image for details. Submission Guidelines: https://t.co/bXdqVvYOHJ Proposals for the CAEO’s Aligned Skills Curriculum and Experiential Network Design Framework (ASCEND) Initiative are due in ONE WEEK! Winners receive a cash prize and mentorship from leading academics through the grant lifecycle. See image for details. Submission Guidelines: https://t.co/bXdqVvYOHJ
Twitter
We are officially ONE WEEK away from Cyber Workforce Summit 2.0 (#CWS2.0)! Take a look at our event agenda, and thank you to our anticipated participants, and scheduled guest speakers, for making this Summit possible! Please visit https://t.co/7VccjEYYOC to register and start https://t.co/TXCZA4vAC3 We are officially ONE WEEK away from Cyber Workforce Summit 2.0 (#CWS2.0)! Take a look at our event agenda, and thank you to our anticipated participants, and scheduled guest speakers, for making this Summit possible! Please visit https://t.co/7VccjEYYOC to register and start https://t.co/TXCZA4vAC3
X
6,994
Follow Us