Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Flyslinger2
Community Champion
‎08-17-2018 09:38 AM
‎08-17-2018 09:38 AM

Security in procurement.

In a recent conversation with my DoD customer I mentioned the need for security to be stipulated, starting with the procurement cycle and through delivery and into distribution.  He was in disbelief that I thought security should start before procurement.

 

Apparently others are thinking similar to me.  I had this conversation with him a couple weeks ago before this article was published.

Reply
0 Kudos
1 Reply
N_Bakewell
Newcomer II
‎08-17-2018 02:30 PM
‎08-17-2018 02:30 PM

Well he is sadly behind the times.  Security - in particular software security - is indeed part of the procurement process nowadays.  Software Assurance (SwA) terminology has been part of the DoD acquisition process since the National Defense Authorization Act of FY13, and is a defined process controlled by the Deputy Assistant Secretary of Defense for Systems Engineering.  It should be in all new RFPs, and if the contract pre-dates this, should be included in all continuing contract mod/extensions.  It should be evident extensively in the DoD Architectural Framework (DoDAF) diagrams, which of course are created and evaluated before any actual code is written (or should i say, SHOULD be).

Reply