We Speak CVE

Becoming A CNA—Myths versus Facts



Host Shannon Sabens of CrowdStrike chats with Julia Turkevich of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about the myths and facts of partnering with the CVE Program as a CVE Numbering Authority (CNA).

Truth and facts about the following myths are discussed:

Myth #1:  Only a specific category of software vendors can become CNAs.
Myth #2:  Organizations cannot leverage their existing vulnerability management and disclosure processes when they become a CNA.
Myth #3:  The requirements for becoming a CNA are overwhelming and extensive.
Myth #4:  A fee is required to become a CNA.
Myth #5:  The CNA onboarding process is too complicated and time-consuming.
Myth #6:  Organizations cannot choose the Top-Level Root or Root they want to work with.

Also discussed are the purpose and overall structure of the CVE Program, and CISA's role in recruiting and managing CNAs within its Top-Level Root scope of industrial control systems (ICS) and operational technology (OT).

LINKS:

  • How to Become a CNA
  • CNA Onboarding Process Overview
  • CVE Program Structure
  • CISA ICS Top-Level Root partner details page
  • List of CVE Program Partners
We Speak CVE, by CVE Program