The DoW’s new CSRMC: Why Second Front is already there

Josh Bosquez, CTO, Second Front

Matt Conner, CISO, Second Front

09.26.2025 / 9 hours ago

This week, the Department of War (DoW) announced its new Cybersecurity Risk Management Construct (CSRMC)—a decisive shift from static, “snapshot in time” compliance toward continuous, automated defense. It’s a bold move to ensure cyber resilience operates at the speed of relevance. This latest announcement is further evidence that the Pentagon is fully committed to a robust, risk-informed ecosystem for its suppliers, manufacturers, and commercial enablers. The Department’s leaders are taking steps to implement and execute what had, until now, been more rhetoric than substance. 2F applauds the Department’s actions vigorously.

At 2F, we don’t just believe in the Department’s actions, we’ve been putting them into practice since day one, delivering solutions that already meet this standard.

Alignment in action: How 2F embodies the CSRMC

The CSRMC lays out a five‑phase lifecycle and ten foundational tenets. These aren’t mandates to react to—they’re the core principles driving the 2F Suite and our flagship DevSecOps platform, Game Warden® (Read about Game Warden’s DISA PA). Our customers can be confident they are already aligned with the DoW’s vision for a continuously hardened, verifiable, and actively defended enterprise.

1. Always‑on compliance and continuous authority-to-operate (ATO)

CSRMC call: Move to continuous monitoring and a constant ATO posture.

Our answer: Game Warden eliminates the “accreditation limbo” government programs face by embedding continuous compliance into the platform itself. Customers inherit our robust security controls and near‑real‑time monitoring, enabling faster authorizations and ongoing visibility without stop‑and‑go cycles.

2. DevSecOps and automation at scale

Two of the DoW’s foundational tenets are DevSecOps and automation—driving efficiency, scale, and secure, agile development.

CSRMC call: Institutionalize DevSecOps and automation to deliver secure, agile development at scale.

Our answer: The 2F Suite was purpose‑built for the “Develop. Deploy. Defend.” lifecycle:

2F Workshop provides the toolkit for building compliant software from the start, embedding security into the Design and Build phases of the CSRMC lifecycle.
2F Game Warden then acts as the Software Factory and hosting environment, automating and streamlining compliance processes, allowing software providers to achieve DoD accreditation in as little as 90 days. This speed and efficiency are the direct result of the automation the CSRMC requires.
2F Frontier delivers the Game Warden experience at the edge, providing secure and automated deployments downrange and in austere or disconnected environments.

3. Embracing reciprocity and inheritance

CSRMC call: Reduce compliance burdens and duplicative assessments through reciprocity and inheritance.

Our answer: Inheritance is the foundation of the 2F Suite. With FedRAMP High authorization and DISA Provisional Authorization at IL2/4/5, our customers don’t start from scratch. By deploying on our authorized platform, they inherit the controls required for DoD and IC networks—saving millions in compliance costs and accelerating ATO timelines. This operational inheritance is a game-changer that delivers an ATO for mission owners faster than traditional methods.

Powering cybersecurity at the speed of war

The CSRMC is a critical evolution in federal cybersecurity. It demands that the commercial technology base providing solutions to the federal government meet a new, higher standard of continuous security and operational speed.

The 2F Suite is more than software; it is a commitment to the foundational principles of the new CSRMC. We empower leading software providers to securely deliver critical capabilities to warfighters, ensuring that the DoW can maintain technological superiority against evolving cyber threats and meet the goal of delivering cybersecurity at the speed of war.

To learn more about how Second Front can accelerate your software’s accreditation and deployment onto unclassified and classified government networks, contact our team of experts.

About the authors

Josh Bosquez is the CTO of Second Front. Josh has spent over two decades in technical roles, including being the CTO of Eventus, Armor Cloud Security, and ICON Meals, which he also co-founded.

Matt Conner is the CISO of Second Front. Matt’s career in government and industry cybersecurity spans nearly 25 years. It includes previous roles as the CISO of Westinghouse Electric Corporation, the National Geospatial-Intelligence Agency, and the United States Intelligence Community.

Industry Insights

Looking for more?

Blog

09.16.25

Products

DISA PA Approval: Accelerating DoD Market Access for Tech Innovators

Read blog

Listen now

See All Resources

Your success is our mission.

Get Started

Products

Develop. Deploy. Defend.

The 2F Suite simplifies and accelerates every step of the software development and delivery process, including Day 2 operations and extensibility.

Explore the 2F Suite

2F Workshop

Build compliant software from the start with our toolkit for secure development.

2F Game Warden

Streamline compliance and security processes to obtain accreditation quickly.

2F Frontier

Deploy your software for drones, devices, and vehicles by air, land, and sea.
Why 2F

Trusted. Proven. Relentless.

Leading software providers and government agencies around the world trust us to deliver secure technology.

Why 2F

About Us

We’re a public-benefit, venture-backed company delivering mission-critical software to the world’s democracies.

Partners

We collaborate with a diverse network of mission-driven partners to broaden the reach of our solutions.
Solutions
Solutions that empower and transform.

Whether delivering software to the public sector for the first time or needing a hand navigating the complex accreditation process, 2F is your one-stop shop.

Explore our solutions
For Commercial

DOD Accreditations

FedRAMP Authorization

Government Cloud Hosting

Secure Development

For Government

Monitoring & Observability

Software Factory

Security Accreditation

SaaS Hosting

Edge Deployment

For International

UK and Europe Accreditation

International Software Expansion
Resources
Your command center for knowledge and innovation.

Strategic insights, mission-ready resources, and frontline expertise—all in one place.

Explore the 2F resources
Resources

Blog

Customer Stories

Podcast

Videos

Technical Documentation

Topics

2F Team & Culture

Industry Insights

Products

News & Events

News

Events

Offset Symposium

Get Started

2F Workshop

2F Game Warden

2F Frontier

About Us

Partners

For Commercial

For Government

For International

Resources

Topics

News & Events

The DoW’s new CSRMC: Why Second Front is already there

Alignment in action: How 2F embodies the CSRMC

1. Always‑on compliance and continuous authority-to-operate (ATO)

2. DevSecOps and automation at scale

3. Embracing reciprocity and inheritance

Powering cybersecurity at the speed of war

About the authors

Looking for more?

DISA PA Approval: Accelerating DoD Market Access for Tech Innovators

Additional Resources

102. Geoff Wylde, VP & General Manager of Ōura

101. Ivan Zhang, Co-Founder of Cohere

100. Chris Miller, Former Acting Secretary of Defense

FedRAMP® explained: requirements, benefits, and the path to ATO

97. Larsen Jensen, Founder and General Partner, Harpoon Ventures

Ep 96. John Conafay, Co-Founder and CEO of Integrate

Ep 95. Rob Boeckmann, Director of Social at Black Rifle Coffee Company

Ep 94. Connected for Impact: Trust, Build, Deliver (Live at Offset ’25)

Ep 93. Offset 2025 Keynote with Senator Markwayne Mullin

Ep 92. Bret Boyd, Cofounder & CEO of Sustainment