Won-Young Lee, Journal of Internet Computing and Services, Vol. 25, No. 6, pp. 61-69, Dec. 2024
10.7472/jksii.2024.25.6.61, Full Text:
Keywords: K-RMF, RMF, Security plan, Weapon system security plan, Cyber Security

Abstract

In the United States, RMF is U.S. Department of Defense's integrated security management system that manages security risks throughout the life cycle of all defense systems involving information technology. Recently, it is required researching on how to write a security plan frame for efficient application of the K-RMF, which is scheduled to be applied from July 2024, based on U.S. Department of Defense Cybersecurity Risk Management Directive of the Ministry of Defense in Republic of Korea. Therefore, in this paper, we propose the contents of the K-RMF security plan based on the existing RMF security plan and the current Counter-intelligence security plan. In addition, the detailed research contents are as follows. First of all, we review the cases of foreign RMF security plan and the contents of domestic Counter-intelligence security plan. Second, the contents that need to be checked in the K-RMF security assessment for system risk management were identified and defined, and vendor organized system development project was applied as an example. Third, the proposed contents were validated through the expert advisory commission and cyber security working group. Finally, this study is important in that it is the first attempt to study major document for the application of K-RMF, and it is expected to be utilized as a basis for similar deliverables of the security plan to be developed in the future and to serve as a foundation for K-RMF security evaluation criteria.

Statistics
Cite this article