Recommendations for Improving Agility in Risk Management for Urgent and Emerging Capability Acquisitions - Quick Look Report
Abstract
This paper provides the results of an analysis of statutory and DoD requirements for risk management levied on urgent and emerging capability acquisitions. The IDA team reviewed statutory language and DoD policies and regulations for meeting risk management requirements and interviewed subject matter experts to support the analysis. Based on our analysis, the IDA team recommends the following actions to streamline the Risk Management Framework (RMF) process for urgent and emerging capabilities: Develop a tactical overlay to emphasize appropriate tailoring of core minimum security controls that are relevant to the operational environment; Consider reciprocity first - emphasizing performance and operational value over a checklist or compliance methodology; Allow an urgent and emerging capabilities off-ramp for the Authority to Operate (ATO) decision and Authorizing Official (AO) review when mission need demands that the solution not be late to need.
Document Details
- Document Type
- Technical Report
- Publication Date
- Oct 10, 2017
- Accession Number
- AD1123201
Entities
People
- Cameron E. Depuy
- J. Corbin Fauntleroy
- Laura A. Odell
- Miranda G. Seitz-mcleese
- Tyler C. Rabren
Organizations
- Institute for Defense Analyses