Abstract: The purpose of this study is to identify directions for development the risk management system for defense product certification programs based on the new edition of the ISO 31010:2019 (EN IEC 31010:2019 Risk management - Risk assessment techniques) standard, which comes into effect on December 31, 2023, taking into account the best practices of risk management and the specifics of defense procurement. The system of national legal regulation of risk management in the field of defense products is just beginning to develop. In Ukraine, for a long time, the issue of risk management in the defense sector was regulated exclusively by legal acts of the Ministry of Defense of Ukraine, which approved the Procedure for Internal Control and Risk Management, which took into account mostly risks in the field of defense. Defense programs are highly complex systems consisting of hardware and software, multiple vendors, rapid technology changes, and obsolescence issues, and their inefficiency poses high risks to the nation's defense capability and personnel safety. In the contrast to NATO, Ukraine had a dichotomy rather than synergy between the military and civilian sectors.  Since the defense management sector has not yet adopted regulation on risk management that would contain specific approaches to that management and specific methods of risk assessment, in particular for certification and testing; the certification bodies assessing the conformity of defense products should independently develop their own risk management system based on current NATO standards, taking into account the provisions of  DSTU ISO/IEC 31000:2022; that should contain stages of risk management, criteria and a risk assessment matrix for the certification of defense products. The application of ISO/IEC international standards should also become the integral part of the procedure for international recognition of the results of tests or research they carry out.