Market Impact: 0.6

Pentagon to roll out ‘new RMF’ by end of November

Cybersecurity & Data Privacy | Technology & Innovation | Regulation & Legislation | Infrastructure & Defense | Management & Governance

The Department of Defense (DoD) is significantly revamping its software Risk Management Framework (RMF) to accelerate secure software acquisition, with new policy '10 commandments' expected soon and a revised cybersecurity instruction (DoDI 8500) due by November 30. Led by Katie Arrington, this initiative aims to transition from static accreditation to continuous monitoring and Authority to Operate (ATO), leveraging programs like Software Fast Track (SWFT). Concurrently, the DoD is developing a 'mission network as-a-service' concept to consolidate disparate networks into secure commercial cloud environments, signaling substantial opportunities for defense technology and cybersecurity firms specializing in continuous security, cloud integration, and advanced identity and access management.

Analysis

The Department of Defense (DoD) is initiating a significant overhaul of its Risk Management Framework (RMF) for software, aiming to replace a slow, static accreditation process with a more dynamic system. According to acting DoD CIO Katie Arrington, this new framework will be guided by "10 commandments" set to be released in the coming weeks, with a fully revamped cybersecurity instruction (DoDI 8500) due by November 30. The core of this reform is a pivot towards continuous Authority to Operate (cATO) and continuous monitoring, intended to eliminate the multi-year "valley of death" that currently impedes rapid software acquisition. The Software Fast Track (SWFT) initiative, which has already completed two successful pilots, underpins this agile approach. Concurrently, the DoD is developing a "mission network as-a-service" concept to consolidate disparate networks onto commercial cloud platforms. This architecture will leverage advanced identity, credential, and access management (ICAM) and data-tagging capabilities to create secure, multi-level environments. These parallel initiatives signal a fundamental shift in DoD procurement, creating a significant demand pipeline for vendors specializing in DevSecOps, cloud security, and continuous monitoring solutions tailored for the public sector.

Market Sentiment

Overall Sentiment: strongly positive

Sentiment Score: 0.75

Key Decisions for Investors

  • Investors should increase focus on cybersecurity and IT service firms with demonstrated expertise in continuous monitoring, DevSecOps, and obtaining continuous Authority to Operate (cATO) for government clients, as these capabilities are central to the DoD's new framework.
  • Monitor policy releases from the DoD around November 30, specifically the revised DoDI 8500, as these documents will provide technical specifics that will directly translate into contract requirements and create opportunities for well-positioned vendors.
  • Identify prime and subordinate contractors with proven experience in secure commercial cloud integration, identity and access management (ICAM), and data-tagging, as they are best positioned to capitalize on the new 'mission network as-a-service' initiative.