Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Agile Acquisition
An Architecture-Focused Measurement Framework for Managing Technical Debt
Cloud Computing for the Battlefield
U.S. Postal Inspection Service Use of the CERT Resilience Management Model
Insights from the First CERT Resilience Management Model Users Group
NIST Catalog of Security and Privacy Controls, Including Insider Threat
Cisco's Adoption of CERT Secure Coding Standards
How to Become a Cyber Warrior
Considering Security and Privacy in the Move to Electronic Health Records
Measuring Operational Resilience
Why Organizations Need a Secure Domain Name System
Controls for Monitoring the Security of Cloud Services
Building a Malware Analysis Capability
Using the Smart Grid Maturity Model (SGMM)
Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM
Conducting Cyber Exercises at the National Level
Indicators and Controls for Mitigating Insider Threat
How Resilient Is My Organization?
Public-Private Partnerships: Essential for National Cyber Security
Software Assurance: A Master's Level Curriculum