Mapping the FFIEC Cybersecurity Assessment Tool (CAT) to the CRR
To help financial institutions assess their cyber resilience, we mapped FFIEC CAT statements to Cyber Resilience Review (CRR) questions.
SEI Book Series in Software Engineering
Our SEI researchers write books on software engineering topics for this series, which is published by Addison-Wesley Professional.
SQUARE for Mobile Platforms
Learn how an extension to the SQUARE process was proposed and how applying it to the Android K-9 Mail application produced new requirements for combating malware.
Engage with Us
We can help you with your security and software assurance needs in a number of ways.
CERT Is Hiring
Your top-notch skills and knowledge can help us make a difference in our nation’s cybersecurity. Explore our career opportunities today.
Our Mission: We address security, software assurance, and survivability throughout the development and acquisition lifecycles by creating methods, solutions, and training that can be integrated into your existing practices.
Organizations that have focused on security in the early stages have seen major reductions in operational vulnerabilities, resulting in reductions in software patching. In one case study from our research, fixing requirements problems identified later in the project cost close to $2.5 million; fixing these problems early in the lifecycle cost $0.5 million. In addition, Microsoft's own data show that when security was considered throughout the Windows Vista development lifecycle, vulnerabilities were reduced by 45%.
The CERT Cybersecurity Engineering team addresses security and survivability throughout the development and acquisition lifecycles, especially in the early stages. Our products and curricula can be integrated into your existing practices.