An internal National Security Agency (NSA) research and development project created a new framework that emphasized two approaches. In the first, regular feedback is provided to developers about how various system design choices might cascade and ultimately impact security compliance. In the second, an automated continuous diagnostics and mitigation (CDM) capability was introduced. With this framework, a system automatically monitors itself to verify that it is correctly enforcing security policies. If inconsistencies are detected, it would automatically self-remediate back to the authorized state.
The result of this effort is called the System Integrity Management Platform, or “SIMP”, which has proven successful for organizations inside and outside of government to significantly reduce the time needed to deploy new technology or, for government projects, achieve Certification & Accreditation (C&A).
Sign up to download System Integrity management Platform
