April 26, 2024 at 05:44PM
MITRE’s CREF Navigator now includes the US Department of Defense’s CMMC, helping DIB engineers strengthen supply chain resilience against cyber attacks. The tool aligns with NIST SP 800-171 and CMMC Level 3, providing a searchable, visualized framework for informed decision-making in cyber solutions. The freely available tool can be customized and integrated with different security data.
Key Takeaways from Meeting Notes:
1. MITRE’s Cyber Resiliency Engineering Framework (CREF) Navigator now integrates the US Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) to enhance supply chain resilience against cyber threats for the Defense Industrial Base (DIB).
2. The CREF Navigator aligns with NIST SP 800-171 and a subset of NIST SP 800-172, specifically tailored to the proposed CMMC Level 3 model, addressing 24 out of 34 security requirements for sophisticated cyber attacks.
3. Wen Masters, vice president of cyber technologies at MITRE, emphasized the importance of accountability and following appropriate security requirements throughout the entire supply chain to build a resilient system against cyber threats.
4. MITRE, in collaboration with NIST, developed the original cyber resiliency framework, NIST SP 800-160, Volume 2 (Rev. 1). The CREF Navigator was launched in early 2023, enabling easy search and visualization of the NIST framework.
5. The CREF Navigator also aligns with the MITRE ATT&CK® knowledge base and Cyber Model-Based Systems Engineering (MBSE) for cyber threat modeling.
6. Shane Steiger, principal cybersecurity engineer at MITRE, highlighted that the CREF Navigator can be customized to individual needs, allowing the import and export of security data in .csv format, and it will be further enhanced for Zero Trust Architectures.
7. The CREF Navigator is freely available to the cyber community and can be accessed at https://ift.tt/Hg0XnzZ.
8. MITRE is a mission-driven organization dedicated to solving problems for a safer world through public-private partnerships and as an operator of federally funded R&D centers.
Please let me know if there is anything else I can assist you with!