The Pentagon Launches New Initiatives for ATO Reciprocity and Digital Modernization

At this year’s GON Symposium in Florida, Department of Defense (DOD) CIO John Sherman announced several new IT modernization initiatives, highlighted by a significant new policy to address risk management and cybersecurity reciprocity challenges.

During his keynote address, Sherman introduced a one-page memo signed by Deputy Secretary of Defense Kathleen Hicks on May 2nd, which directs DOD authorizing officials to implement testing, reuse, and reciprocity for systems with Authority to Operate (ATO) designations, except when the cybersecurity risk is too high. Sherman explained that this memo establishes reciprocity as the default approach, meaning that when one military branch or agency deems a system safe to operate, other branches can trust that authorization without redoing the due diligence, unless the risk warrants otherwise.

The intent, Sherman noted, is to maintain a balance between robust cybersecurity and efficient operations, allowing the DOD to move more quickly without redundant checks.

Additionally, Sherman announced the Fulcrum initiative, aimed at accelerating the DOD’s transition from a hardware-defined to a software-defined enterprise. Expected to be detailed in June, this digital modernization initiative builds on the DOD’s 2019 defense modernization strategy. Sherman confirmed that Deputy CIO Leslie Beavers is leading the development of this new plan, working closely with the department’s Customer Experience Officer, Savan Kong. Kong’s team will play a key role in enabling the Fulcrum initiative.

The Daily Scoop Podcast is available every Monday-Friday afternoon.If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts and Spotify.