Challenges of Risk Management Framework for Cyber Security and Trusted Computing in Embedded Computing

article
article
Article
January 27, 2021

Challenges of Risk Management Framework for Cyber Security and Trusted Computing in Embedded Computing

Published in Military & Aerospace Electronics
Written by Steve Edwards of Curtiss-Wright and Richard Jaenicke of Green Hills Software

 

The Risk Management Framework (RMF) is a U.S. federal government policy and set of standards developed by the National Institute of Standards and Technology (NIST) in Gaithersburg, Md., for the assessment and authorization of mission systems.

Given that systems typically are an integration of several products, using component products that meet functional and assurance security requirements, such as Common Criteria (CC) protection profiles, can streamline assessing the integrated system.

Increasingly, U.S. military programs are using RMF to address cyber security and trusted-computing requirements, and for some systems, it is required to get Approval to Operate (ATO). Because RMF is a system-level certification, it is for certifying whole systems -- not just an individual component.

This includes all the hardware and software in that system, and there are some steps that system designers can take for board-level hardware and software components to make RMF certification easier.

Getting started with RMF

The RMF establishes security and privacy controls for systems and organizations. It contains more than 800 controls to select from, many of which don't apply to embedded systems. It is up to the program office or federal agency to go through all the RMF controls and determine which apply. The RMF controls come in a series of NIST and Federal Information Processing Standards (FIPS) documents:

  • NIST SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems;
  • NIST SP 800-53: Security and privacy controls for Federal Information Systems and Organizations; and
  • FIPS 199: Standards for Security Categorization of Federal Information and Information Systems.

 

Read the full article.

Trusted Computing for Defense & Aerospace Learn More

Trusted Computing for Defense & Aerospace

Curtiss-Wright goes well beyond standard approaches to Trusted Computing to provide truly secure solutions for air, ground, and sea platforms. We keep cybersecurity and physical protection in mind, from design and testing to supply chain and manufacturing. This comprehensive, end-to-end approach creates an effective mesh of protection layers that integrate to ensure reliability of Curtiss-Wright products in the face of attempted compromise.

Learn More
Green Hills Software Learn More

Green Hills Software and Curtiss-Wright Partnership

Curtiss-Wright and Green Hills Software work closely together to ensure Curtiss-Wright’s computing modules and systems take full advantage of the high assurance real-time operating system capabilities of Green Hills’ INTEGRITY®-178 tuMP™ RTOS. With Green Hills and Curtiss-Wright, customers can take advantage of the multi-core processing power of Intel® x86 and NXP® Power Architecture® processors in industry-standard OpenVPX, VME, XMC, and custom form factors to get their program started quickly.

Learn More

Related Resources

Case studies
Building a Truly Trusted Computing Solution with COTS Hardware and Intel Security Capabilities
Brochures
TrustedCOTS and Enhanced TCOTS (eTCOTS) for Trusted Computing Brochure
Brochures
Curtiss-Wright and Wind River Trusted Foundations for Mission Critical Applications
Trusted Computing: A Layered Approach to Security
Media
Recap: National Cyber Security Awareness Month 2018
Media
White Paper Series: Trusted Computing for Aerospace and Defense
Media
Establishing a Root of Trust: Trusted Computing and Intel-based Systems
Media
Developing Effective Hardware and Software COTS Security Technologies
Media
Decomposing System Security to Prevent Cyber Attacks in Trusted Computing Architectures
Media
Curtiss-Wright and Raytheon Intelligence & Space Collaborate to Bring Cost-Effective Plug-in Solution for Adding Security IP to COTS Modular Open Systems
Media
The Essentials of Trusted Computing and Cyber Security
Media
Introduction to Certification Authorities for Trusted Computing in Military and Avionics Products
Media
COTS-Based Trusted Computing: Getting Started in Next-Generation Mission-Critical Electronics
Media
Unmanned Systems Vulnerable to the Enemy, Which Makes Trusted Computing a Critical Cyber Design Challenge
Media
Trusted Computing: An Overview
Media
Trusted Computing Hardware Features for Maintaining Cyber Security During Operation
Media
Trusted Computing Can Depend on Asymmetric Cryptography Algorithms to Assure the Integrity of Protected Data
Media
Curtiss-Wright Selected to Provide Cost-Effective Defense-Grade Security IP Module for COTS Modular Open Systems
Media
Computer Hardware's Role in Securing Operating Systems and Hypervisors in Trusted Computing Applications
Media
Trends in Trusted Computing and Network Security in Aerospace and Defense Embedded Computing Applications
Media
Trusted Computing for Defense & Aerospace Article eBook
Media
No results found.
White papers
Beyond Trusted Computing
White papers
The Root of Trust: A Foundation for Trusted Computing
White papers
Trusted Boot
White papers
TrustedCOTS: Leading the Way to Secure Systems
White papers
Trends in Network Cybersecurity
White papers
The Impact of Protecting I/O Interfaces on System Performance
White papers
Getting Secure, Intel-Based Solutions to Market Faster - Why the Hardware Vendor’s Boot Security Implementation Is So Important
White papers
Cybersecurity Trends in Aerospace and Defense Applications
White papers
Data Protection with the NXP QorIQ Platform Trust Architecture
White papers
Introduction to COTS-based Trusted Computing
White papers
Hardware Features for Maintaining Security During Operation
White papers
Considering the Role of Hardware in Securing OS and Hypervisor Operation
White papers
Trusted Computing White Paper: Application Development, Testing, and Analysis for Optimal Security
White papers
Developing a Secure COTS-Based Trusted Computing System
White papers
Decomposing System Security Requirements
White papers
Establishing a Trusted Supply Chain
White papers
Certification Authorities for Trusted Computing in Military and Avionics Products
White papers
International Certification Authorities for Trusted Computing
White papers
Optimizing Cybersecurity on Today's Connected Military and Commercial Aircraft