cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Flyslinger2
Community Champion

Security in procurement.

In a recent conversation with my DoD customer I mentioned the need for security to be stipulated, starting with the procurement cycle and through delivery and into distribution.  He was in disbelief that I thought security should start before procurement.

 

Apparently others are thinking similar to me.  I had this conversation with him a couple weeks ago before this article was published.

1 Reply
N_Bakewell
Newcomer II

Well he is sadly behind the times.  Security - in particular software security - is indeed part of the procurement process nowadays.  Software Assurance (SwA) terminology has been part of the DoD acquisition process since the National Defense Authorization Act of FY13, and is a defined process controlled by the Deputy Assistant Secretary of Defense for Systems Engineering.  It should be in all new RFPs, and if the contract pre-dates this, should be included in all continuing contract mod/extensions.  It should be evident extensively in the DoD Architectural Framework (DoDAF) diagrams, which of course are created and evaluated before any actual code is written (or should i say, SHOULD be).