The mission of the DoD Joint Federated Assurance Center (JFAC) is to promote software and hardware assurance in defense acquisition programs, systems, and supporting activities. This presentation will review the JFAC-sponsored effort to provide program managers with a guidebook for “engineering-in” software assurance into defense systems during the entire system acquisition lifecycle. Software assurance (SwA) is the “level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the life cycle.” The latest January 2017 change to Department of Defense (DoD) Instruction (DoDI) 5000.02, Operation of the Defense Acquisition System, includes a new enclosure on cybersecurity that outlines several actions DoD acquisition Program Managers (PMs) should (but not must) implement to ensure system security and related program security across the acquisition, sustainment, and operation life cycle. Software vulnerability and exploitation are the root cause of a majority of computer security problems, due in part to the increasing complexity and usage of software in our nation’s defense systems and the increasing number of latent defects and vulnerabilities contained in the aggregate software. Unfortunately, due to the dynamics of their job, program managers often do not fully comprehend the magnitude of the threats and risks associated with software assurance issues in their systems or in either the legacy or modern systems with which their system will interface to achieve mission effectiveness.