Analysis of Mission Based Cyber Risk Assessments (MBCRAs) Usage in DoDs Cyber Test and Evaluation

De Naray, Rachel K.; Buytendyk, Allyson M.

Analysis of Mission Based Cyber Risk Assessments (MBCRAs) Usage in DoDs Cyber Test and Evaluation

Active / Technical Report | Accesssion Number: AD1203757 |

Open PDF

Abstract:

Mission based cyber risk assessments (MBCRAs) are methodologies used to identify, estimate, assess and prioritize cybersecurity risks for hardware and information systems being employed in operations. Current Department of Defense (DoD) policy does not provide any guidance on how to evaluate the quality of mission-based cyber risk assessment methodologies; nor does it define specific criteria to examine or results that must be generated by MBCRAs to inform system security decisions. This Institute for Defense Analyses (IDA) developed a 30 question survey to better understand the use of and needs from MBCRAs across DoDs cyber test and evaluation community and analyzed the responses. This analysis provides information in an on-going effort to inform DoDs development of evaluation criteria for MBCRA methodologies.

Author(s):

De Naray, Rachel K. ; Buytendyk, Allyson M.

Author Organization(s):

INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA

Funding Organization(s):

Director, Developmental Test, Evaluation, and Assessments, Washington , DC

Document Type:

Technical Report/Final Report

Publication Date:

2022 Jun 01

Pagination:

49

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Identifying Numbers

Contract Number(s):

HQ0034-19-D-0001

Project Number(s):

AX-1-3100

Subject Terms

Modernization Areas:

Cyber

Communities of Interest:

No COI(s) Identified

Descriptor(s):

test and evaluation, risk analysis, risk, vulnerability, cybersecurity, contracts, department of defense, security, business administration, communities, test methods, contractors, governments, standards, availability, developmental tests, engineering

Keyword(s):

mbcras(Mission based cyber risk assessments)

Subject Categories:

Mathematical and Computer Sciences

Creation Date:

2023 Jun 20

Update Date:

2023 Jul 13