The 8 Values
“We are uncovering better ways of [managing security and privacy risk] by doing it and helping others do it. Through this work, we have come to value:”
- Proactive Prevention over Reactive Remediation
- While we recognize the importance of addressing vulnerabilities and breaches, we prioritize building systems that prevent these issues from arising in the first place.
- Automated Assurance over Manual Checks
- While manual checks have their place, we believe in harnessing the power of automation to ensure RMF standards are consistently and efficiently met.
- Continuous Collaboration over Siloed Departments
- Rather than isolating teams with differing incentives, we value the synergy of development, operations, and risk management teams working together to achieve common goals.
- Adaptive Frameworks over Rigid Rulesets
- While certain standards are non-negotiable, we believe in a flexible approach, as encouraged by the RMF, that can adapt to new challenges, technologies, and learnings without compromising security or privacy.
- Real-time Feedback over Periodic Audits
- While periodic reviews are necessary, we prioritize systems that provide instant feedback on security and privacy risk, enabling immediate actions and adjustments.
- Team Education over Enforcement Only
- Instead of just imposing rules, we value educating teams on the importance of RMF, fostering a culture of shared responsibility and awareness.
- Transparency in Processes over Obscurity
- We believe in clear visibility into our RMF processes, technologies, and their outputs, ensuring that all stakeholders understand, trust, and can validate our approach at any time.
- Tailored Implementations over One-size-fits-all
- While generic solutions can provide a foundation, we prioritize implementations that meet the unique mission objectives for each organization.
"That is, while there is value in the items on the right, we value the items on the left more."[^1]
This artifact draws heavily from the Manifesto for Agile Software Development, which can be found at: https://agilemanifesto.org/