InfoBeyond recently completed CUBE: RMF (Risk Management Framework) Rubik's CUBE. Such tool facilitates the NIST SP 800-53 controls with inclusion of FISMA metrics, NIST CSF standards, and CSA CCM.
As part of federal RMF, NIST developed security and privacy risk management standards and guidelines (e.g., SP 800-53) that assist agencies in implementing integrated, organization-wide programs to manage information security risk as mandated by the Federal Information Systems Management Act (FISMA) to strengthen the cybersecurity of an information system. In order to facilitate this matter, NIST further prototyped a tool namely, Cloud Security Architecture Tool (CSAT) software tool. Particularly, CSAT tool is projected to help agencies to properly configure the information system with necessary functional capabilities and controls systematically. In 2018, InfoBeyond has been awarded to improve CSAT with NIST CSAT team, which is leaded by Dr. Michaela Iorga. Dr.Iorga is the NIST Director in ITL SURF Program, Senior Security Technical Lead for Cloud Computing, Co-Lead in OSCAL project in Secure System and Applications Group 773.03, Computer Security Division, Information Technology Laboratory (ITL), NIST. As a result of collaborative efforts with NIST, InfoBeyond developed a viable CUBE tool that provides comprehensive functions to architecture an information system in compliance with NIST and Federal Standards.
Infobeyond also has participated and developed the NIST OSCAL program. The newly-introduced CUBE supports OSCAL-powered SSP generation for enhancing security planning, auditing, and assessment in an automatic way.
InfoBeyond has worked closely with Dr. Iorga to model the SP800-53 controls precisely into a digital form. The design of modeling CUBE was drafted carefully with NIST Dr. Iorga and her team. InfoBeyond further achieves the CUBE in the commercial-grade user interface experience and industry-powered security application platform.
While working closely with Dr. Iorga, Dr. Yi Max Huang from InfoBeyond has been leading a brilliant engineering team for the CUBE development. CUBE has improved its database connectivity and user interface to provide a high-confidence level of providing the information system guideline, especially in a cloud computing system through web-based user interactive questionnaires. CUBE now has capabilities of generating OSCAL SSP. It helps to broaden NIST RMF adaption in various platforms like in general IT, cloud computing, industrial physical control network, etc. CUBE implements a Paperless procedure to select and specify the RMF security controls as part of an organization-wide information security program. Security control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations.