Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Moving Target Defense
Improving Cybersecurity Through Cyber Intelligence
A Requirement Specification Language for AADL
Becoming a CISO: Formal and Informal Requirements
Predicting Quality Assurance with Software Metrics and Security Methods
Network Flow and Beyond
A Community College Curriculum for Secure Software Development
Security and the Internet of Things
The SEI Fellow Series: Nancy Mead
An Open Source Tool for Fault Tree Analysis
Global Value Chain – An Expanded View of the ICT Supply Chain
Intelligence Preparation for Operational Resilience
Evolving Air Force Intelligence with Agile Techniques
Threat Modeling and the Internet of Things
Open Systems Architectures: When & Where to Be Closed
Effective Reduction of Avoidable Complexity in Embedded Systems
Toward Efficient and Effective Software Sustainment
Quality Attribute Refinement and Allocation
Is Java More Secure Than C?
Identifying the Architectural Roots of Vulnerabilities