CSIAC

Cyber Security and Information Systems Information Analysis Center

/ All Podcast Series / / Systems Engineering Challenges for Integrating Software Assurance into Defense Systems Throughout the System Acquisition Lifecycle

- Systems Engineering Challenges for Integrating Software Assurance into Defense Systems Throughout the System Acquisition Lifecycle

| 12 Comments

Notice: This podcast video may contain personal or third-party views and opinions not associated with the government.
Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/

The mission of the DoD Joint Federated Assurance Center (JFAC) is to promote software and hardware assurance in defense acquisition programs, systems and supporting activities. This presentation will review the JFAC sponsored effort to provide program managers with a guidebook for “engineering-in” software assurance into defense systems during the entire system acquisition lifecycle. Software assurance (SwA) is the “level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the life cycle.” The latest January 2017 change to Department of Defense (DoD) Instruction (DoDI) 5000.02, Operation of the Defense Acquisition System, includes a new enclosure on cybersecurity that outlines several actions DoD acquisition Program Managers (PMs) should (but not must) implement to ensure system security and related program security across the acquisition, sustainment, and operation life cycle. Software vulnerability and exploitation are the root cause of a majority of computer security problems due in part to the increasing complexity and usage of software in our nation’s defense systems and the increasing amount of latent defects and vulnerabilities contained in the aggregate software. Unfortunately due to the dynamics of their job, program managers often do not fully comprehend the magnitude of the threat/risks associated with software assurance issues in their systems or for either the legacy or modern systems their system will interface to achieve mission effectiveness.

Download Associated Files:
You must be logged in to download files associated with this video podcast. Click here to login.

Reader Interactions

Ask a Question or Comment:

  2. This question was asked during the webinar:

    SE focused on eliminating vulnerabilities – How about zero day vulnerabilities that are not foreseen or known but after their adverse impact?

  4. This question was asked during the webinar:

    How does the intertwined focus on Cybersecurity and Software Assurance address Risk Management given increasing focus of Cybersecurity on Risk Management?

  6. This question was asked during the webinar:

    Has this guide book been produced because the JFAC has determined that too many DoD programs do not have document processes and are not able to quantify their software assurance?

  7. This question was asked during the webinar:

    So does the guidebook address the challenges found when integrating software assurance into Defense systems throughout the system acquisition?

  9. This question was asked during the webinar:

    Roles obfuscates Results. Assurance (noun) means results. How do you quantify Guidebook Assurance? How was Guidebook Assurance level determined?

  11. This question was asked during the webinar:

    Are you collaborating with other Federal and Defense agencies? Specifically the USAF AFLCMC Cyber Resiliency Office for Weapons Systems (CROWS)?

Leave a Comment