Per a Department of Defense (DoD) memorandum sent to senior Pentagon Leadership in February, 2022, it acknowledged that while the Risk Management Framework (RMF) establishes the continuous management of system cybersecurity risk, current RMF implementation focuses on obtaining system authorizations (ATOs), yet falls short in implementing continuous monitoring of risk once authorization has been reached. 

Per the 2022 Annual Threat Assessment of the U.S. Intelligence Community, a publication from the Office of the Director of National Intelligence (DNI) “We assess that China presents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private sector networks. China’s cyber pursuits and export of related technologies increase the threats of attacks against the U.S. homeland, suppression of U.S. web content that Beijing views as threatening to its control, and the expansion of technology-driven authoritarianism globally.”

The year was 2015, an eternity in today's world of growing cybersecurity threats, regardless, General (Ret) Keith B. Alexander, Director of the NSA from 2005 - 2014, sounded the alarm of the present dangers of that time, and what was to come.  In a prepared statement before the Senate Armed Services Committee, the now retired General - 20 months out of office as Director of NSA & USCYBERCOM, spoke of the four major threats in the cyber domain: cyber attack, cyber espionage, cyber theft of intellectual property, and criminal activity.

Per the 2022 Annual Threat Assessment of the U.S. Intelligence Community, a publication from the Office of the Director of National Intelligence (DNI) “We assess that Russia will remain a top cyber threat as it refines and employs its espionage, influence, and attack capabilities. We assess that Russia views cyber disruptions as a foreign policy lever to shape other countries’ decisions, as well as a deterrence and military tool.”

The much maligned, misunderstood, and often misguided CMMC framework is hopefully - finally - coming to fruition as the Department of Defense (DoD) has indicated that the rulemaking will take anywhere from 9-24 months from the release date of the CMMC 2.0. Translation: We are still waiting as the 9-24 months has been a standard statement for quite some time now.  This has left federal contractors to wonder when that time period would begin and what the timeline might look like.

In December, 2022, President Joe Biden signed into law the National Defense Authorization Act (NDAA), an $858 Billion spending bill that’s big on almost everything related to defense, including the all-important issue of cybersecurity.  The legislation, which authorizes $817 billion specifically for the Department of Defense, will provide $45 billion more than Biden’s budget request earlier this year.

As North America’s leading provider of National Security, Cybersecurity & NIST RMF Advisory Services & Solutions for the U.S. Defense Industrial Base (DIB), Arlington now offers a complete life cycle of services & solutions for FedRAMP. 

If you’re seeking cost savings, operational efficiency, and expert IT knowledge, then consider Arlington’s virtual CISO services for your organization.  In today’s competitive business arena, finding qualified employees is becoming more difficult by the day, and that’s especially true for any InfoSec and cybersecurity related jobs.

Arlington Security Portal (ASP) is an online repository of world-class, industry leading security policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on the NIST Risk Management Framework (RMF) 800 series of publications for information security, cybersecurity, and privacy control families.