Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Using Quality Attributes to Improve Acquisition
Best Practices for Trust in the Wireless Emergency Alerts Service
Three Variations on the V Model for System and Software Testing
Adapting the PSP to Incorporate Verified Design by Contract
Comparing IT Risk Assessment and Analysis Methods
AADL and Aerospace
Assuring Open Source Software
Security Pattern Assurance through Roundtrip Engineering
The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
Applying Agile in the DoD: Fifth Principle
Software Assurance Cases
Raising the Bar - Mainstreaming CERT C Secure Coding Rules
AADL and Télécom Paris Tech
From Process to Performance-Based Improvement
An Approach to Managing the Software Engineering Challenges of Big Data
Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience
Situational Awareness Mashups
Applying Agile in the DoD: Fourth Principle
Architecting Systems of the Future
Acquisition Archetypes
Create your
podcast in
minutes
It is Free