Sufficient cyber security scrutiny to operate securely

 The U.S. military often relies on RMF to ensure that U.S. military systems go through sufficient cybersecurity scrutiny to operate securely on U.S. military networks. Because the RMF process applies to many different types of systems -- from enterprise to small embedded systems -- there are many possible controls that systems designers must analyze and document that may not apply to embedded systems. For instance, there are RMF controls related to awareness and training (AT family) and personnel security (PS family) that may apply to the overall program but unlikely to apply to the embedded system itself. 

Still, it takes time to analyze, document, verify, and monitor the embedded system to ensure that none of the assumptions change. It's also important not only to prevent any backdoors into the system but also to understand that additional work may be necessary to secure entry level computer science jobs approval for these sorts of systems.

The RMF was developed with the understanding that it applies across a wide variety of systems. This resulted in designing the concept of overlays to help address this concern. An overlay is a selection of controls specific to a particular type of system.


Comments

Post a Comment

Popular posts from this blog

Collaborative and sociable endeavour

obstacles to becoming a professional programmer. For one, outside the industry, harmful stereotypes remain. Engineers are often seen as introverted, antisocial and (you guessed it) male. As a teenager who wasn’t any of those things, I was put off. And I know there are many others now who are just like I was then. So perhaps it’s not surprising that I didn’t want a job that, at first glance, appeared to isolate me from other people in some form of employed solitary confinement. So, it was with this thought in mind that I stepped away from engineering to instead embark on a career in marketing. Fortuitously my father happened to work in the same building as my new company, so before and after work I would spend time sitting in his office.  By observing him and his team, I quickly discovered that working in software development was not an isolating role, but rather a much more collaborative and sociable endeavour.  I  computer science vs computer engineering   then and there that I had to
Read more

Two founding signatories leave Architects Declare

 Over the past year, Zaha Hadid Architects and Foster + Partners, two of the 17 founding signatories of Architects Declare, have been criticised for working on aviation projects. Zaha Hadid Architects was criticised for designing Western Sydney International Airport, while Foster + Partners' decision to design an airport for a luxury resort in Saudi Arabia led Architects Climate Action Network, another group that advocates more radical climate action, to call on the studio to withdraw from the project or from Architects Declare. This division over working on airport projects led Foster + Partners to leave Architects Declare yesterday, with studio founder Norman Foster saying: "agriculture and aviation are not going to go away and they will both need the most sustainable buildings to serve them together with the architects who can most responsibly design them." Since its foundation, the UK branch of Architects Declare has gained over jobs with computer science degree whil
Read more

National Security Directive on the Telecommunication Sector

 While the whole move around NSDTS is country agnostic and is purportedly meant to tone up the security of digital networks in the country, the reference to China is definitely doing the rounds. The Cabinet Committee on Security headed by Prime Minister Narendra Modi gave its approval for a National Security Directive on the Telecommunication Sector (NSDTS) that will impact the digital and telecom ecosystem in the country. The NSDTS is aimed at preserving the integrity of the supply chain under which the government will declare a list of trusted sources and trusted products for installation in the country’s telecom networks.  There will also be a list of designated sources from where no procurement is to be made. The methodology to designate trusted products will be devised by the designated authority, the National Cyber Security Coordinator of India, and the list of the trusted source and product decided on the basis of approval by a committee headed by the Deputy National Security Ad
Read more