PRESS RELEASE
McLean, Virginia and Bedford, Massachusetts, April 25, 2024 — By MITER Cyber Resilience Engineering Framework (CREF) NavigatorTM. now incorporates the US Department of Defense Cybersecurity Maturity Model Certification (CMMC) This way Defense Industrial Base (DIB) cybersecurity engineers can strengthen supply chain resilience against sophisticated cybersecurity attacks. The CREF Navigator aligns with NIST SP 800-171, the National Institute of Standards and Technology (NIST) publication designed to safeguard Controlled Unclassified Information (CUI), and the subset of NIST SP 800-172 that aligns with the Proposed CMMC Level 3 model that has 24 of 34 security requirements addressing more sophisticated cybersecurity attacks.
“Our national security depends on the security of our defense systems and the supply chains to enable that defense,” said Wen Masters, vice president, information technologies, MITER. “Throughout the supply chain, there is a need for accountability to follow appropriate security requirements to build a resilient system. Resilience in the face of a cyber attack is not a quick fix. Resilience must be designed before an accident.”
MITER, in collaboration with NIST, created the original cyber resilience framework, NIST SP 800-160, Volume 2 (Rev. 1). The CREF Navigator, which debuted in early 2023, makes the NIST framework searchable and visualized. With the tool, engineers can make conscious and informed choices when designing resilient computing solutions. In addition to pairing with CMMC, CREF Navigator also aligns with the MITER ATT&CK® tactics and techniques knowledge base and Cyber Model-Based Systems Engineering (MBSE) for cyber threat modeling.
“To allow cyber engineers to customize the tool to their individual needs, we have enhanced CREF Navigator so users can create their own scenarios and apply different threat parameters and techniques,” said Shane Steiger, principal security engineer computer science, MITER. “No matter how you store your security data, you can import it into CREF Navigator via a .csv file, and the data view can be exported back to a .csv file. We will add enhancements for Zero Trust architectures later this year.”
Like many of the MITER resources for cyber defenders developed in the public interest, CREF Navigator is available free of charge to the broader cyber community. See the CREF Navigator in action on https://CREFNavigator.mitre.org.
About MITRA
MITER’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and as an operator of federally funded research and development centers, we work across government and in collaboration with industry to address challenges to our nation’s security, stability and well-being. Find out more about miter.org.