As creators of the well-known ATT&CK framework, the MITRE name is synonymous with cybersecurity. On April 19, 2024, MITRE issued a news release stating that in January 2024, their Network Experimentation and Research Environment (NERVE) had been breached by a
Introduction As information is increasingly accessible online, the number of cybersecurity attacks, threats, and breaches continue to grow. From hackers pretending to be someone else for financial gain to major companies falling victim to ransomware, being able to achieve cyber
Continuous Authorization, or cATO, can mean different things depending on context. In the federal public sector, I’ve encountered numerous strategies and interpretations. Human-Driven Assessments: The Traditional ApproachTraditionally, authorization assessments have been human-driven. We’ve explored continuous approaches, which typically involves increasing
NIST’s held their 3rd Open Security Controls Assessment Language (OSCAL) Workshop earlier this month, and it was abundantly clear from the content and participation that the OSCAL standard and community has gained momentum and has a real opportunity to revolutionize
I’ve been fortunate enough to have been involved with open standards and open source communities for most of my career, and I couldn’t be more excited to continue that tradition with Easy Dynamics. I’d like to give a little bit of
