CERT Mission: Anticipating and Solving the Nation’s Cybersecurity Challenges

NEWS

CERT Division at a Glance

Software Engineering Institute

We were there for the first internet security incident and we’re still here more than 25 years later. Only now, we’ve expanded our expertise from incident response to a comprehensive, proactive approach to securing networked systems. The CERT Division is part of the Software Engineering Institute, which is based at Carnegie Mellon University. We are the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and are a national asset in the field of cybersecurity.

Learn More About the CERT Division:

RECENT VULNERABILITIES

PUBLICATIONS

  • The CISO Academy: In this paper, the authors describe the project that led to the creation of the U.S. Postal Service's CISO Academy. (White Paper - 02/23/2017)
  • Supply Chain and Commercial-off-the-Shelf (COTS) Assurance: The Software Engineering Institute can help your organization apply techniques to reduce software supply chain risk. (White Paper - 01/24/2017)
  • SQUARE Frequently Asked Questions (FAQ): This paper contains information about SQUARE, a process that helps organizations build security into the early stages of the software production lifecycle. (White Paper - 01/05/2017)

EVENTS

Blogs

Five Perspectives on Scaling Agile

02/20/2017 - Will Hayes

The Secure "Hello World"

02/16/2017 - Aaron Volkmann

Are We Creating Organizational Debt?

02/13/2017 - Linda Parker Gates

Podcasts

Establishing Trust in the Wireless Emergency Alerts Service

Becoming a CISO: Formal and Informal Requirements

In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today’s fast-paced cybersecurity field. Podcast - 10/19/2016

Global Value Chain – An Expanded View of the ICT Supply Chain

In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain. Podcast - 07/18/2016

Intelligence Preparation for Operational Resilience

In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR. Podcast - 06/21/2016