Articles

Challenges of Risk Management Framework for Cyber Security and Trusted Computing in Embedded Computing

January 27, 2021

Published in Military & Aerospace Electronics
Written by Steve Edwards of Curtiss-Wright and Richard Jaenicke of Green Hills Software

The Risk Management Framework (RMF) is a U.S. federal government policy and set of standards developed by the National Institute of Standards and Technology (NIST) in Gaithersburg, Md., for the assessment and authorization of mission systems.

Given that systems typically are an integration of several products, using component products that meet functional and assurance security requirements, such as Common Criteria (CC) protection profiles, can streamline assessing the integrated system.

Increasingly, U.S. military programs are using RMF to address cyber security and trusted-computing requirements, and for some systems, it is required to get an Approval to Operate (ATO). Because RMF is a system-level certification, it is for certifying whole systems -- not just an individual component.

This includes all the hardware and software in that system, and there are some steps that system designers can take for board-level hardware and software components to make RMF certification easier.

Getting started with RMF

The RMF establishes security and privacy controls for systems and organizations. It contains more than 800 controls to select from, many of which don't apply to embedded systems. It is up to the program office or federal agency to go through all the RMF controls and determine which apply. The RMF controls come in a series of NIST and Federal Information Processing Standards (FIPS) documents:

  • NIST SP 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems;
  • NIST SP 800-53: Security and privacy controls for Federal Information Systems and Organizations; and
  • FIPS 199: Standards for Security Categorization of Federal Information and Information Systems.

Read the full article.

Share This Article

  • Share on Linkedin
  • Share on Twitter
  • Share on Facebook
  • Share on Google+
Want to add a comment? Please login
Loading...
Connect With Curtiss-Wright Connect With Curtiss-Wright Connect With Curtiss-Wright
Sales

CONTACT SALES

Contact our sales team today to learn more about our products and services.

YOUR LOCATION

PRODUCT INFORMATION

Support

GET SUPPORT

Our support team can help answer your questions - contact us today.

REQUEST TYPE

SELECT BY

SELECT Topic