Securing ATE Using the DoD's Risk Management Framework
Robert C. Quinlan, Alex Brinister, Ted Macdonald, Amy White
2022 IEEE AUTOTESTCON, published 2022-08-29
DOI: https://doi.org/10.1109/AUTOTESTCON47462.2022.9984778
Citation count: 0
Abstract
Information systems are subject to serious threats that can have adverse impacts on organizational operations and assets, individuals, and third parties by compromising the confidentiality, integrity, or availability of information being processed, stored, or transmitted by those systems. Successful attacks on systems can result in grave damage to the economic and security interests of those organizations. In the defense space, the DoD Risk Management Framework (RMF) can provide a foundation for an organization's cybersecurity protection strategy. Securing information systems is a shared responsibility between test companies and their customers. ATE suppliers serving the defense industry can assist customers in securing their Automatic Test Equipment (ATE) by implementing the first four steps of the RMF process. ATE customers further increase the security of their systems by working with test companies to understand what additional security controls they could implement to successfully perform the last two steps of the RMF process. ATE suppliers can implement the following steps for the systems they are supplying: (1) Security categorization; (2) Security control selection; (3) Security control implementation; and (4) Security control assessment. Steps that should be performed by ATE customers are: (5) System authorization; and (6) Continuous monitoring. According to NIST 800-37, early integration of the RMF into the product development life cycle is one of “the most cost-effective and efficient methods for an organization to ensure that its protection strategy is implemented” [1]. Test companies can ease customer implementation of the RMF by integrating a specific set of security controls into their own product development life cycles. ATE suppliers can develop a more secure supply chain, harden manufacturing and development processes, and apply operating system (OS) security controls. Finally, they can help customers understand the remaining steps of the RMF that could be implemented to secure the confidentiality, integrity, and availability of their information systems.