Cyber Resiliency and Cybersecurity Policy

Cyber Resiliency & Cybersecurity Policy under the Office of the Secretary of Defense, focuses on defending critical mission weapon systems and infrastructure from cyber attacks and protecting sensitive unclassified information within the Defense Industrial Base (DIB) sector and supply chain. The program supports the Strategic Cybersecurity Program (SCP) to conduct cyber risk assessments for priority defense missions, develop and employ a Cyber Risk Mitigation Tool (CRMT), and prioritize cyber risk mitigations based on mission analysis. Additionally, it aims to implement and sustain the Cybersecurity Maturity Model Certification (CMMC) framework within the DIB sector, conduct pathfinders for emerging cybersecurity services/tools/platforms, and provide cost-effective cybersecurity services for small-to-medium sized DIB companies critical to the DoD supply chain.

The program's specific goals include continuing critical weapon systems and defense infrastructure cybersecurity assessments and mitigations, developing and refining cybersecurity policies, conducting mission level cyber risk assessments, prioritizing mitigations and vulnerabilities based on mission analyses, managing the portfolio of Joint Cyber Warfighting Architecture components, overseeing CMMC implementation, executing CMMC pilots, and conducting risk reduction pathfinders on CMMC Level 3 enhanced security requirements. These efforts are aimed at enhancing cyber resiliency and cybersecurity policy to safeguard critical defense assets from cyber threats and ensure the security of sensitive unclassified information within the Defense Industrial Base sector and supply chain.