Alignment of MITRE’s Cyber Resiliency Engineering Framework with DoD Cyber Maturity Model Certification

Published:

MITRE Introduces Cyber Resiliency Engineering Framework Navigator with CMMC Integration for Defense Industrial Base

MITRE, a trusted organization known for its cybersecurity expertise, has announced a significant update to its Cyber Resiliency Engineering Framework (CREF) NavigatorTM. This latest version now incorporates the US Department of Defense’s Cybersecurity Maturity Model Certification (CMMC), allowing cybersecurity engineers for the Defense Industrial Base (DIB) to enhance supply chain resilience against advanced cyber threats.

The CREF Navigator, which aligns with NIST SP 800-171 and the subset of NIST SP 800-172 corresponding to the proposed CMMC Level 3 model, features 24 out of the 34 security requirements aimed at addressing sophisticated cybersecurity attacks. This integration ensures that defense systems and supply chains are equipped with the necessary cybersecurity measures to withstand potential threats.

Wen Masters, Vice President of Cyber Technologies at MITRE, emphasized the importance of building resilience within the supply chain to safeguard national security. She highlighted the need for accountability in adhering to security requirements throughout the entire supply chain, emphasizing that resilience must be engineered proactively rather than reactively.

The CREF Navigator, originally developed in collaboration with NIST through the NIST SP 800-160 framework, provides engineers with a searchable and visualized tool to make informed decisions when designing cyber solutions. In addition to its alignment with CMMC, the CREF Navigator connects with the MITRE ATT&CK® knowledge base and Cyber Model-Based Systems Engineering (MBSE) for cyber threat modeling.

MITRE continues to offer its resources, including the CREF Navigator, to the public cybersecurity community for free. To learn more about this powerful tool, visit https://CREFNavigator.mitre.org and explore its capabilities in strengthening cybersecurity defenses.

Related articles

Recent articles