原文传递
Acquisition Security Framework (ASF): Managing Systems Cybersecurity Risk.
| 题名: | Acquisition Security Framework (ASF): Managing Systems Cybersecurity Risk. |
| 作者: | Alberts, C; Bandor, M; Wallen, C. M; Woody, C. |
| 摘要: | The Acquisition Security Framework (ASF) is a collection of leading practices for building and operating secure and resilient softw are-reliant sy stems across the systems lifecycle. It enables programs to ev aluate risks and gaps in their processes for acquiring, engineer-ing, and deploy ing secure softw are-reliant systems and provides programs more insight and control over their supply chains. The ASF prov ides a roadmap for building security and resilience into a system rather than “bolting them on” after deploy ment. The framework is de-signed to help programs coordinate the management of engineering and supply chain risks across the many components of a sys-tem, including hardware, network interfaces, software interfaces, and mission capabilities. ASF practices promote proactive dialogue across all program and supplier teams, helping to integrate communications channels and facilitate information sharing. The framework is consistent w ith cybersecurity engineering, supply chain management, and risk management guidance from the International Organiza-tion for Standardization (ISO), National Institute of Standards and Technology (NIST), and Department of Homeland Security (DHS). This report presents an ov erview of the ASF and its dev elopment status. It also includes a snapshot of the practices that hav e been de-v eloped so far and outlines a plan for completing the ASF body of work. |
| 总页数: | 82 pages |
相关文献
检索历史
应用推荐
