Interactive Science through Technology Enhanced Play (iSTEP)

The Principles-based Assessment for Cybersecurity Toolkit (PACT)

Daniel Hickey

The Principles-based Assessment for Cybersecurity Toolkit (PACT) is a tool for assessing the toughest cybersecurity problems. CACR chief policy analysts developed the tool in collaboration with NSWC Crane. As a naval installation, Crane uses technologies that many would consider atypical and that require custom cybersecurity solutions. PACT gives cybersecurity professionals guidance for efficiently developing custom cybersecurity solutions for unusual naval environments and for operational technologies like control systems.

The assessment methodology is PACT, the Principles-based Assessment for Cybersecurity Toolkit. Developed through a collaboration between CACR and Naval Surface Warfare Center Crane Division, PACT systematizes the art of cybersecurity assessment. It supports a standardized process in which a team of cybersecurity subject matter experts provides prioritized, actionable cybersecurity recommendations based on first principles. PACT does so by structuring the core assessment around the Information Security Practice Principles (ISPPs), a product of CACR, which allows the assessment to be conducted on any assessment target at any point in its lifecycle.