PURPOSE: In alignment with the NIST Cybersecurity Framework (CSF) 2.0, the DAF Cyber Cake is designed to illustrate our commitment to manage and reduce cybersecurity risks within the Air Force.

CONCEPT:

•Base: The foundational standards for managing federal computer systems.

•The Federal Information Processing Standards (FIPS).

•Platter: Serves wholistic guidance for managing information security and privacy risks.

•NIST’s Risk Management Framework (RMF).

•Layers: Baked recipe of consolidated strategies, assessments, and governance methods that will establish a robust cybersecurity posture.

•Supply Chain Risk Management (SCRM)

•Cyber Supply Chain Risk Management (C-SCRM)

•Cyber Resilience Engineering Framework (CREF)

•MITRE ATT&CK Framework

•Zero Trust

•Toppings: The finishing touches that enable further enhanced cybersecurity.

•Privacy

•Secure Software Development Framework (SSDF)

•Controlled Unclassified Information (CUI)

•Artificial Intelligence (AI)/ Machine Learning (ML)

PUBLICATION: For more information, click here to see details of the DAF Cyber Cake.