Cybersecurity (CS) requirements and considerations have increasingly been affecting special-purpose systems with embedded Information Technology (IT), such as simulator and training systems, in recent years. This is driven primarily by increased insider threats, the proliferation of network interconnections, and the rise of mobile computing (smartphones and tablets), as well as the growing ability of nation states, organized crime, and political activists to gather and exploit information about current capabilities. In the past, CS measures have been applied through either Risk Avoidance, “shutting down a capability until the risk is eliminated”, or Risk Ignorance, “operating a system without regard to the risk because of a perceived functional or operational need”. Through Risk Management, however, CS can balance these two extremes: it assures the mission while protecting systems, networks, and information by properly categorizing the system and its information through a risk-based assessment process. Previous policy was compliance based, and to avoid mission impact, risk was typically avoided or waived rather than mitigated. The DoD Risk Management Framework (RMF) (DoDI 8500.01, 2014) seeks to address the shortfalls that compliance management imposed on systems; nevertheless, a clear understanding of how to apply risk is needed to provide a balanced approach to CS. To support CS requirements, this paper presents an approach for assessing risk to simulator and training systems and outlines the steps necessary to overcome and mitigate the resulting findings through a process that focuses on applicability, compliance, mitigation, and reduction of impact.
This paper is not a description of the DoD RMF. Instead, it provides a process for assessing CS requirements by addressing the “Spirit and Intent” of each requirement, its applicability, the probability and impact of applying or not applying it, and the identification of solutions that either resolve the finding or reduce its impact to a level acceptable for authorization. The paper strives to provide a practical approach to assessing system risk by offering initial framework examples that demonstrate its applicability to managing new technology insertions, network connectivity, existing program limitations, and the impact of mobile computing on existing simulator and training systems.
Cybersecurity Challenges and Resolutions for Simulator & Training Systems