DOD Issues New Guidance Balancing Cyber Risk Management, Innovation

The Department of Defense is balancing the vital task of managing the risks associated with cybersecurity and promoting innovation with newly released guidance.

Signed by Deputy Secretary of Defense Kathleen Hicks on May 2, the new guidance mandates “testing re-use and reciprocity to be implemented by any authorized official within the department except when the cybersecurity risk is too great.” It comes after industry officials complained about how a hindrance the authority to operate process is to fostering innovation, FedScoop reported.

In his keynote speech at the annual GEOINT Symposium on Wednesday, John Sherman, chief information officer at the DOD, said that Hicks-signed one-page memorandum ensures businesses do not undergo the same ATO process numerous times.

The criticism of the ATO process is not the first time anyone has recognized its shortcomings. In 2024, a report by the Government Accountability Office found that the Pentagon has yet to adopt key recommendations designed to keep the U.S. a leader in technology development.