The department looks to replace an adversarial, check-the-box mentality around cyber readiness with one that actually helps commanders manage their risk.