CreatorTim Ramey
Description
During ACD events, the test team may be able to directly show what the mission impacts are from exploited vulnerabilities. If the test team is unable to fully execute an attack due to test limitations and ROE, further study such as an MBCRA/CTT, may be required (by system engineers, testers, operator/defender representatives, and security experts) to estimate what the adversary might be able to accomplish. No all exploitable vulnerabilities are mission impacting and the cybersecurity evaluation should properly categorize those vulnerabilities separately from mission impacting vulnerabilities to support the AO's ATO decision.Owning Diagram A43: Conduct ACD and Document Results
updated tactics and targetting