Cyber Vulnerabilities Assessments and Evaluations

Abstract

This funding line reduces the Army's risk to adversarial cyber intrusions or attacks that could compromise critical weapon systems and kill chains. Cyberspace Operational-Resilience Assessment - Platform (CORA-P) improves survivability across Army modernization efforts and maintains readiness of operational capabilities. CORA-P addresses the requirements of Section 1647 of the FY16 NDAA, which directed the Services to identify and mitigate cyberspace vulnerabilities in critical weapon systems. The Army initially established CORA-P to continue Section 1647 assessments, while expanding to include supply chain risk analysis, electromagnetic spectrum vulnerabilities, persistent cyber red teaming, and crosscutting/architectural vulnerabilities. CORA-P now integrates with and enhances the DoD's Strategic Cybersecurity Program, as enacted in Section 1712 of the FY21 NDAA. Accordingly, CORA-P is shifting from executing new assessments, to developing and delivering vulnerability remediations from ongoing assessments and defensive operations. This includes improving the structure and visibility of vulnerability data to improve portfolio risk management, initiating remediation efforts for high-priority, crosscutting issues, and avoiding future risks by driving improvements earlier in materiel development for modernization programs. Under CORA-P, the Army prioritizes capabilities most-relevant to JROC-designated and threat-informed capabilities supporting National Defense Strategy priorities. The Army reviews the security posture of these critical components, develops remediation strategies, and facilitates delivery of fixes at mission-relevant speed. CORA-P is helping move the Army from system-oriented compliance to system-of-systems resilience that addresses defensive gaps between individual components; this is necessary to prevent adversaries from denying critical kill chains. CORA-P ensures Army cyberspace remediation investments address areas of highest operational risk. CORA-P also provides the framework by which individual programs can elevate threat-informed remediation requirements to drive cybersecurity investments across portfolios to mission areas of highest operational risk. When applicable, this PE also provides for Red Team enhancement to support Combatant Command mission-level cyber vulnerability assessments.

Document Details

Document Type

Project

Publication Date

Oct 01, 2025

Source ID

FL2_0606942A_6_2040_PB_2025

Tags

Related Documents

• Root: Assessments and Evaluations Cyber Vulnerabilities
• Child Accomplishment: Cyberspace Operational Resiliency Assessment - Platform (CORA-P)
• Child Accomplishment: Red Team