MITRE has integrated the US Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) into the Cyber Resiliency Engineering Framework (CREF) Navigator to enhance supply chain resilience for the Defense Industrial Base (DIB) against cyber attacks.
Description
The CREF Navigator aligns with NIST SP 800-171 and a subset of SP 800-172 that corresponds to the proposed CMMC Level 3 model [1] [3], addressing 24 of the 34 security requirements for advanced cyber threats [1] [3]. The tool also integrates with MITRE ATT&CK knowledge base and Cyber Model-Based Systems Engineering for threat modeling [1] [3]. Users can customize scenarios and import/export security data [1] [3], with upcoming enhancements for Zero Trust Architectures [3]. Launched in 2023 [2], the CREF Navigator visually represents elements of NIST SP 800-160 Volume 2 Revision 1 [2], developed in collaboration with NIST [2]. The tool now includes the relationship between NIST SP 800-160 Volume 2 (Rev 1) [2], NIST SP 800-171 [1] [2] [3], and NIST SP 800-172 aligned with CMMC [2], as well as cybersecurity frameworks like MITRE ATT&CK and Cyber Model-Based Systems Engineering for threat modeling [2]. Enhancements to CREF Navigator allow engineers to customize scenarios with different threat parameters [2].
Conclusion
The integration of CMMC into the CREF Navigator enhances supply chain resilience for the Defense Industrial Base against cyber attacks. By aligning with NIST standards and incorporating advanced threat modeling capabilities, the tool provides a comprehensive solution for addressing cybersecurity challenges. Future enhancements [1], such as support for Zero Trust Architectures, will further strengthen the tool’s capabilities in mitigating cyber threats and improving overall cybersecurity posture.
References
[1] https://zephyrnet.com/mitres-cyber-resiliency-engineering-framework-aligns-with-dod-cyber-maturity-model-cert/
[2] https://executivegov.com/2024/04/mitre-updates-cyber-resiliency-engineering-framework-navigator-to-align-with-cmmc/
[3] https://www.darkreading.com/threat-intelligence/mitre-s-cyber-resiliency-engineering-framework-aligns-with-dod-cyber-maturity-model-cert
