PRESS RELEASE
McLean, Va. & Bedford, Mass., April 25, 2024 — MITRE’s Cyber Resiliency Engineering Framework (CREF) NavigatorTM now incorporates the US Division of Protection’s Cybersecurity Maturity Mannequin Certification (CMMC) so cybersecurity engineers for the Protection Industrial Base (DIB) can strengthen provide chain resilience towards subtle cybersecurity assaults. The CREF Navigator aligns with NIST SP 800-171, the Nationwide Institute of Requirements and Expertise’s (NIST) publication designed to safeguard Managed Unclassified Data (CUI) and the subset of NIST SP 800-172 that aligns with the proposed CMMC Stage 3 mannequin which has 24 of the 34 safety necessities that handle extra subtle cybersecurity assaults.
“Our nationwide safety relies on the safety of our protection techniques and the provision chains to allow that protection,” mentioned Wen Masters, vp, cyber applied sciences, MITRE. “All alongside the provision chain, you want accountability in following the suitable safety necessities to construct a resilient system. Resilience within the face of a cyber-attack shouldn’t be a fast repair. Resiliency have to be engineered earlier than an incident.”
MITRE in partnership with NIST created the unique cyber resiliency framework, NIST SP 800-160, Quantity 2 (Rev. 1). The CREF Navigator, which debuted in early 2023, makes that NIST framework searchable and visualized. With the instrument, engineers could make educated and knowledgeable selections whereas designing resilient cyber options. Past pairing with CMMC, the CREF Navigator additionally aligns with the MITRE ATT&CK® information base of techniques and strategies and Cyber Mannequin-Primarily based Programs Engineering (MBSE) for cyber menace modeling.
“To permit cyber engineers to customise the instrument for his or her particular person wants, we enhanced the CREF Navigator so customers can create their very own situations and apply totally different parameters of threats and strategies,” mentioned Shane Steiger, principal cybersecurity engineer, MITRE. “No matter how you retain your safety information, you’ll be able to import your information into the CREF Navigator through a .csv file, and the visualization of the info could be exported again out to a .csv file. Later this 12 months, we’ll add enhancements for Zero Belief Architectures.”
As with a lot of MITRE’s sources for cyber defenders which can be developed within the public curiosity, the CREF Navigator is freely obtainable to the better cyber group. See the CREF Navigator in motion at https://CREFNavigator.mitre.org.
About MITRE
MITRE’s mission-driven groups are devoted to fixing issues for a safer world. By means of our public-private partnerships and as an operator of federally funded R&D facilities, we work throughout authorities and in partnership with business to sort out challenges to the security, stability, and well-being of our nation. Be taught extra at mitre.org.
