The Department of War is set to launch a comprehensive reform of its cybersecurity compliance and risk management framework, intending to eliminate outdated procedures that slow down operational readiness. Aaron Bishop, the department’s acting principal deputy chief information officer and chief information security officer, announced that the current system is cumbersome and rooted in obsolete practices.
Bishop described the existing risk management framework (RMF) as a "1990s mentality," burdened by excessive paperwork and slow review cycles. He emphasized that these delays create a mismatch with the rapid pace of modern technology and emerging cyber threats. According to Bishop, the department’s slow, incremental modernization efforts fall short of effectively addressing evolving cybersecurity demands.
The overhaul will focus on simplifying processes, introducing automation, and enabling continuous monitoring across military systems and contractor environments. Bishop outlined plans to replace static documentation and repetitive manual approvals with real-time telemetry and automated visibility tools. This shift aims to provide cyber operators with live, actionable data about the assets they defend, enhancing situational awareness and response capabilities.
Rather than relying on periodic reviews that become obsolete quickly, the new model will incorporate live operational feeds directly from development and deployment environments. This approach aligns with modern continuous integration/continuous deployment (CI/CD) practices and aims to foster a dynamic, up-to-date view of cybersecurity posture. The reform’s goal is to eliminate paper-based processes entirely and reduce the timeframe needed for authorization and compliance verification.
These changes respond to a growing recognition that adversaries and technology ecosystems evolve faster than government modernization cycles. Bishop highlighted the need to bridge this gap by adopting transformation-driven strategies rather than slower evolutionary ones. The Department of War intends to introduce these reforms within the coming months, signaling a major shift in how cybersecurity oversight is conducted across defense operations.

