论文信息 - Assuring Software Systems Security: Life Cycle Considerations for Government Acquisitions

Assuring Software Systems Security: Life Cycle Considerations for Government Acquisitions

When systems are built under government contract, the acquirer and contractor share responsibility for the outcome, not only in terms of cost, schedule, and performance, but also with respect to quality attributes such as security. Using an acquisition life cycle framework, this article identifies acquirer activities, products, and resources that are necessary to establish and support contractor efforts to build secure software-intensive systems. ACKNOWLEDGMENTS: Contributions and reviews by Kristi Keeler, Gary McGraw, Nancy Mead, Tim Morrow, and Stan Wisseman are gratefully acknowledged. Errors and omissions are the author’s.

[1] William C. Barker. Guideline for Identifying an Information System as a National Security System , 2003 .

[2] Hubert F. Hofmann,et al. Adapting CMMI for Acquisition Organizations: A Preliminary Report , 2006 .

[3] Barry W. Boehm,et al. Some future trends and implications for systems and software engineering processes , 2006, Syst. Eng..

[4] Robert M. Flowe,et al. Joint Capabilities and System-of-Systems Solutions: A Case for Crossing Solution Domains , 2006 .

[5] David Carney,et al. Identifying Commercial Off-the-Shelf (COTS) Product Risks: The COTS Usage Risk Evaluation , 2003 .

[6] Suellen Eslinger,et al. Software Acquisition Best Practices: Experiences From the Space Systems Domain , 2004 .

[7] Marianne Swanson,et al. SP 800-18 Rev. 1. Guide for Developing Security Plans for Federal Information Systems , 2006 .

[8] Robert J. Ellison,et al. Acquisition Overview: The Challenges , 2014 .