Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Mission-Based Prioritization: A New Method for Prioritizing Agile Backlogs
My Story in Computing with Carol Smith
Digital Engineering and DevSecOps
A 10-Step Framework for Managing Risk
7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts
Ransomware: Evolution, Rise, and Response
VINCE: A Software Vulnerability Coordination Platform
Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network
An Introduction to CMMC Assessment Guides
The CMMC Level 3 Assessment Guide: A Closer Look
The CMMC Level 1 Assessment Guide: A Closer Look
Challenging the Myth of the 10x Programmer
A Stakeholder-Specific Approach to Vulnerability Management
Optimizing Process Maturity in CMMC Level 5
Reviewing and Measuring Activities for Effectiveness in CMMC Level 4
Situational Awareness for Cybersecurity: Beyond the Network
Quantum Computing: The Quantum Advantage
CMMC Scoring 101
Developing an Effective CMMC Policy