Securing ATE Using the DoD's Risk Management Framework

Robert C. Quinlan, Alex Brinister, Ted Macdonald, Amy White
{"title":"Securing ATE Using the DoD's Risk Management Framework","authors":"Robert C. Quinlan, Alex Brinister, Ted Macdonald, Amy White","doi":"10.1109/AUTOTESTCON47462.2022.9984778","DOIUrl":null,"url":null,"abstract":"Information systems are subject to serious threats that can have adverse impacts on organizational operations and assets, individuals, as well as third parties by compromising the confidentiality, integrity, or availability of information being processed, stored, or transmitted by those systems. Successful attacks on systems can result in grave damage to the economic and security interests of those organizations. In the defense space, the DoD Risk Management Framework (RMF) can provide a foundation for an organization's cybersecurity protection strategy. Securing information systems is a shared responsibility between test companies and their customers. ATE suppliers serving the defense industry can assist customers in securing their Automatic Test Equipment (ATE) by implementing the first four steps of the RMF process. ATE customers further increase the security of their systems by working with test companies to understand what additional security controls they could implement to successfully perform the last two steps of the RMF process. ATE suppliers can implement the following steps for the systems they are supplying: (1) Security categorization; (2) Security control selection; (3) Security control implementation; and (4) Security control assessment. Steps that should be performed by ATE customers are: (5) System authorization; and (6) Continuous monitoring. Early integration of the RMF into the product development life cycle is one of, according to NIST 800–37, “the most cost-effective and efficient methods for an organization to ensure that its protection strategy is implemented” [1]. Test companies can ease customer implementation of the RMF by integrating a specific set of security controls into their own product development life cycles. 
ATE suppliers can develop a more secure supply chain, harden manufacturing and development processes, and apply operating system (OS) security controls. Finally, they can help customers understand the remaining steps of the RMF that could be implemented to secure the confidentiality, integrity, and availability of their information systems.","PeriodicalId":298798,"journal":{"name":"2022 IEEE AUTOTESTCON","volume":"116 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE AUTOTESTCON","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AUTOTESTCON47462.2022.9984778","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

Abstract

Information systems are subject to serious threats that can have adverse impacts on organizational operations and assets, individuals, as well as third parties by compromising the confidentiality, integrity, or availability of information being processed, stored, or transmitted by those systems. Successful attacks on systems can result in grave damage to the economic and security interests of those organizations. In the defense space, the DoD Risk Management Framework (RMF) can provide a foundation for an organization's cybersecurity protection strategy. Securing information systems is a shared responsibility between test companies and their customers. ATE suppliers serving the defense industry can assist customers in securing their Automatic Test Equipment (ATE) by implementing the first four steps of the RMF process. ATE customers further increase the security of their systems by working with test companies to understand what additional security controls they could implement to successfully perform the last two steps of the RMF process. ATE suppliers can implement the following steps for the systems they are supplying: (1) Security categorization; (2) Security control selection; (3) Security control implementation; and (4) Security control assessment. Steps that should be performed by ATE customers are: (5) System authorization; and (6) Continuous monitoring. According to NIST 800-37, early integration of the RMF into the product development life cycle is one of “the most cost-effective and efficient methods for an organization to ensure that its protection strategy is implemented” [1]. Test companies can ease customer implementation of the RMF by integrating a specific set of security controls into their own product development life cycles. ATE suppliers can develop a more secure supply chain, harden manufacturing and development processes, and apply operating system (OS) security controls. Finally, they can help customers understand the remaining steps of the RMF that could be implemented to secure the confidentiality, integrity, and availability of their information systems.