A vital aspect of maintaining U.S. technological superiority and military readiness is ensuring cybersecurity of our information technology systems, weapon systems, and networks.
Program Managers must assume that the system they field, including its external interfaces, will be under cyber attack. By implementing the practices in the referenced guidebook, programs will be able to more effectively plan, design, develop, test, manufacture, and sustain systems that are more resilient in the face of cyber warfare conducted by a capable adversary.
To be cost-effective, cybersecurity must be addressed early within acquisition and be thoughtfully integrated with systems engineering, test and evaluation, and other acquisition processes throughout the system lifecycle.
The referenced guidebook has been developed to aid acquisition Program Managers and their teams in effectively applying the cybersecurity risk management framework (RMF) to design, build, and test systems addressing cybersecurity capability requirements to operate in a cyber-contested environment. The guidebook explains key concepts and activities for successful implementation of RMF activities and aligns them with all phases of the Department of Defense acquisition lifecycle, including development, operational testing, fielding, and sustainment. The guidebook describes in detail the cybersecurity-related roles and responsibilities, as well as the development and maturation of cybersecurity artifacts and activities. Information, such as system security engineering guidance, sample language for consideration in requests for proposal and contracts, and the cybersecurity risk assessment process, is also presented to assist Program Managers.
The guidebook will be updated as lessons learned are identified to ensure that the cybersecurity guidance remains timely, relevant, and actionable.
This PM NIST-based RMF Guidebook is dated. It does not provide the latest in GAO-lauded cybersecurity, cyber resiliency and cyber survivability for Cyber Physical, Defense Business or Weapon Systems as does the current USAF System Security Engineering Cyber Guidebook, Version 3.0.
Anyone associated with the US DoD or Government can request a copy of this Guidebook via DoD SAFE by contacting:
joseph.yuna.1.ctr@us.af.mil
or
katie.whatmore@us.af.mil