Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
AI Workforce Development
Moving from DevOps to DevSecOps
My Story in Computing with David Zubrow
Mission-Based Prioritization: A New Method for Prioritizing Agile Backlogs
My Story in Computing with Carol Smith
Digital Engineering and DevSecOps
A 10-Step Framework for Managing Risk
7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts
Ransomware: Evolution, Rise, and Response
VINCE: A Software Vulnerability Coordination Platform
Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network
An Introduction to CMMC Assessment Guides
The CMMC Level 3 Assessment Guide: A Closer Look
The CMMC Level 1 Assessment Guide: A Closer Look
Challenging the Myth of the 10x Programmer
A Stakeholder-Specific Approach to Vulnerability Management
Optimizing Process Maturity in CMMC Level 5
Reviewing and Measuring Activities for Effectiveness in CMMC Level 4
Situational Awareness for Cybersecurity: Beyond the Network