Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
How the University of Pittsburgh Is Using the NIST Cybersecurity Framework
A Software Assurance Curriculum for Future Engineers
Four Types of Shift Left Testing
Capturing the Expertise of Cybersecurity Incident Handlers
Toward Speed and Simplicity: Creating a Software Library for Graph Analytics
Improving Quality Using Architecture Fault Analysis with Confidence Arguments
A Taxonomy of Testing Types
Reducing Complexity in Software & Systems
Designing Security Into Software-Reliant Systems
Agile Methods in Air Force Sustainment
Defect Prioritization With the Risk Priority Number
SEI-HCII Collaboration Explores Context-Aware Computing for Soldiers
An Introduction to Context-Aware Computing
Data Driven Software Assurance
Applying Agile in the DoD: Twelfth Principle
Supply Chain Risk Management: Managing Third Party and External Dependency Risk
Introduction to the Mission Thread Workshop
Applying Agile in the DoD: Eleventh Principle
A Workshop on Measuring What Matters
Applying Agile in the DoD: Tenth Principle