
Archive: June 2020

Detecting Mismatches in Machine-Learning Systems

• SEI Blog
Grace Lewis

The use of machine learning (ML) could improve many business functions and meet many needs for organizations. For example, ML capabilities can be used to suggest products to users based on purchase history; provide image recognition for video surveillance; identify spam email messages; and predict courses of action, routes, or diseases, among others. However, in most organizations today (with the exception of large high-tech companies, such as Google and Microsoft), development of ML capabilities is...

Beyond NIST SP 800-171: 20 Additional Practices in CMMC

• SEI Blog
Andrew Hoover

Katie Stewart co-authored this blog post. In November, defense contractors will be required to meet new security practices outlined in the Cybersecurity Maturity Model Certification (CMMC). As this post details, while the primary source of security practices in the CMMC is NIST Special Publication 800-171, the CMMC also includes 20 additional practices beyond 800-171 at levels 1-3. These 20 practices are intended to make DoD contractors more security conscious. Supply chain attacks are increasing at...

KalKi: Solution for High Assurance Software-Defined IoT Security

• SEI Blog
Sebastian Echeverria

Commercial Internet of things (IoT) devices are evolving rapidly, providing new and potentially useful capabilities. These devices can be a valuable source of data for improved decision making, so organizations that want to remain competitive have powerful motivations to embrace them. However, given the increasing number of IoT vulnerability reports, there is a pressing need for organizations to integrate IoT devices with high assurance, especially for systems with high security and safety requirements. In this...

COVID-19 and Supply-Chain Risk

• SEI Blog
Nathaniel Richmond

Managing supply-chain risks from the new coronavirus outbreak is personally important to me. While my first concern--like everyone else's--is mitigating the direct public-health risk of the COVID-19 pandemic, I have a salient concern about the health-related risks that could be introduced if the global manufacturing supply chain for medical devices is disrupted: I'm a Type I diabetic who relies on a continuous glucose monitor (CGM) device to monitor my blood sugar and an insulin pump...

Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity's Role in Cybersecurity

• SEI Blog
Andrew Hoover

Katie Stewart co-authored this blog post. Process maturity represents an organization's ability to institutionalize their practices. Measuring process maturity determines how well practices are ingrained in the way work is defined, executed, and managed. Process maturity represents an organization's commitment to and consistency in performing these practices. A higher degree of process institutionalization contributes to more stable practices that are able to be retained during times of stress. In the case of cybersecurity, having mature...
