Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Accelerating ATOs with the new cybersecurity risk management construct

Cumbersome and slow is not a requirement of compliance. Adaptable, dynamic, and flexible compliance can be a reality.

Download PDF
Share

The Department of War’s (DoW) new cybersecurity risk management construct (CSRMC) is designed to improve the process of obtaining an authority to operate (ATO) technologies that empower our warfighters by verifying that they meet strict cybersecurity standards. It’s a major update to the risk management framework (RMF) processes that had made obtaining an ATO a burdensome and time-consuming effort. It marks a pivotal shift in how cyber risk is managed, transitioning from static, manual, checklist-driven assessments to a more dynamic, automated, and continuous approach.

The CSRMC re-focuses the RMF on security and mission effectiveness rather than on compliance. This is as much a cultural change as it is a process or technology one. Many security officers and assessors had become conditioned to execute RMF steps as a procedural exercise, often without considering the actual security value those steps provide. The CSRMC formalizes the transition from static compliance to dynamic, risk-informed decision-making.

In this paper, we describe the impact of the CSRMC on the development, release, and continuous operation of technologies at the DoW. It includes specific use cases that describe how artificial intelligence (AI) can help anticipate threats before they reach production, quantify risk to guide investment, and continuously validate controls in production environments—and realize CSRMC principles at scale.

Dive into our thinking

From burden to battlefield: Accelerating ATOs with the new cybersecurity risk management construct

Cumbersome and slow is not a requirement of compliance. Adaptable, dynamic, and flexible compliance can be a reality.

Download PDF

Explore more

Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Goodbye, SOAR/SecOps? Hello, CIAO!

Artificial intelligence (AI) is transforming cybersecurity from a semi-reactive organization to a more proactive force

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Successful zero-trust transformation in government

Seven key lessons

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Falling behind on zero trust

Five things you can do to help get back on track

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Zero trust microsegmentation

Visualizing security through a mission-first lens

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Deliver a secure digital experience every time

Learn real-world applications governments can use to deliver on their responsibility to secure data and assets from idea through delivery

Read more

Want to receive the latest government insights?

Opt-in today and be the first to receive the latest industry updates from KPMG

Opt-in

Meet our team

Image of Tyler A Carlin
Tyler A Carlin
Director Advisory, Con FED Risk Services, KPMG US
Read bio
Image of Tyler A Carlin
Tyler A Carlin
Director Advisory, Con FED Risk Services, KPMG US
Read bio

Explore other services

Industry
Government and Public Sector
Read more
Industry
Federal government
Read more
Industry
State and local government
Read more

Thank you

Thank you for subscribing. You should receive a confirmation e-mail soon.

Connect with KPMG

Opt-in to receive the latest government insights from KPMG

Thank you for reaching out. We will be in touch soon to follow up.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred. Please contact customer support.

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline