Acquisition Overview: The Challenges

Similar documents
Introduction to Software Product Lines Patrick Donohoe Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

A Case Study: Experiences with Agile and Lean Principles

Designing the Infrastructure for an Enterprise IT System

Effective Reduction of Avoidable Complexity in Embedded Systems

CERT Resilience Management Model, Version 1.2

CARNEGIE MELLON UNIVERSITY

Improving Acquisition in Government Requirements Management Leading Practices: CMMI-ACQ Visualization

Reducing Architecture Complexity with AADL

CERT Resilience Management Model, Version 1.2

An Introduction to Influence Maps: Foundations, Construction, and Use

Supply-Chain Risk Analysis

Complexity and Software: How to Meet the Challenge. NDIA CMMI Technology Conference

Measuring What Matters Lisa Young

Architecture-Centric Procurement

System-of-Systems Influences on Acquisition Strategy Development

Oh No, DevOps is Tough to Implement!

Defining a Maturity Scale for Governing Operational Resilience

Incremental Lifecycle Assurance of Critical Systems

Achieving Agility and Stability in Large-Scale Software Development. Ipek Ozkaya Senior Researcher, Research, Technology, and System Solutions Program

Supporting Safety Evaluation Process using AADL

Safety Evaluation with AADLv2

It Takes an Ecosystem Gary Chastek John D. McGregor

The Business Case for Systems Engineering: Comparison of Defense-Domain and Non- Defense Projects

Adapting Agile to the. Framework. Mary Ann Lapham, PMP, CSM Principal Engineer Software Engineering Institute

Methodology for the Cost Benefit Analysis of a Large Scale Multi-phasic Software Enterprise Migration

TSP Performance and Capability Evaluation (PACE): Customer Guide

Agile In Government: A Research Agenda for Agile Software Development

OSATE overview & community updates

OCTAVE -S Implementation Guide, Version 1.0. Volume 9: Strategy and Plan Worksheets. Christopher Alberts Audrey Dorofee James Stevens Carol Woody

What Metrics Should a CSIRT Collect to Measure. Success?

The Business Case for Systems Engineering: Comparison of Defense-Domain and Non- Defense Projects

Security Measurement and Analysis

Designing Collaborative Systems of Systems in support of Multi-sided Markets

Architecture-led Incremental System Assurance (ALISA) Demonstration

I ve Evaluated My Architecture. Now What?

Risk and Resilience: Considerations for Information Security Risk Assessment and Management

Understanding Model Representations and Levels: What Do They Mean?

Agile Development and Software Architecture: Understanding Scale and Risk

Agile Security Review of Current Research and Pilot Usage

Finding a Vendor You Can Trust in the Global Marketplace

Driving Out Technical Risk by Blending Architecture, Process, and Project Discipline

CMMI Version 1.2. Model Changes

Analyzing and Evaluating Enterprise Architectures John Klein Senior Technical Staff

Software in System Engineering: Affects on Spacecraft Flight Software

Practical Risk Management: Framework and Methods

Arcade Game Maker Pedagocical Product Line

Systems and software engineering Software life cycle processes

This document is a preview generated by EVS

CMMI Version 1.3: Are you Ready for Release?

Implementing Product Development Flow: The Key to Managing Large Scale Agile Development

The Method Framework for Engineering System Architectures (MFESA)

Acquisition & Management Concerns for Agile Use in Government Series. Agile Culture in the DoD

Creating a Computer Security Incident Response Team Action Plan

A Software Product Line Vision for Defense Acquisition

Integrated Environment for Development and Assurance

Acquisition & Management Concerns for Agile Use in Government Series. Agile Development and DoD Acquisitions

CERT Resilience Management Model Capability Appraisal Method (CAM) Version 1.1

Complexity and Safety (FAA) SEI Board of Visitors. Sarah Sheard, Team Lead Team: Mike Konrad, Chuck Weinstock, Bill Nichols, Greg Such

Prioritizing IT Controls for Effective, Measurable Security

Best Practice Information Aids for CMMI SM -Compliant Process Engineering

Achieving Quality Requirements with Reused Software Components:

Given the competitive importance of

An Overview of Software Process

Fall 2014 SEI Research Review. Team Attributes &Team Performance FY14-7 Expert Performance and Measurement

Designing Collaborative. support of Multi-sided Markets. Philip Boxer, Software Engineering Institute Dr Nicholas J. Whittall, 28 th October 2009

Use and Organizational Impact of Process Performance Modeling in CMMI High Maturity Organizations

IEEE s Recommended Practice for Architectural Description

Evaluating CSIRT Operations

Fall 2014 SEI Research Review Edge-Enabled Tactical Systems (EETS)

Contents. viii. List of figures. List of tables. OGC s foreword. 6 Organizing for Service Transition 177. Chief Architect s foreword.

Capability Maturity Model

Lecture 1. In practice, most large systems are developed using a. A software process model is an abstract representation

Software Processes 1

The Smart Grid Maturity Model & The Smart Grid Interoperability Maturity Model. #GridInterop

Planning a Project Using the Oracle Unified Method (OUM) An Iterative and Incremental Approach. An Oracle White Paper February 2011

Boldly Going Where Few Have Gone Before SCAMPI SM C Appraisal Using the CMMI for Acquisition

Creating a Computer Security Incident Response Team Attendee Workbook

Formulation of a Production Strategy for a Software Product Line

INTERNATIONAL STANDARD

Software Quality Engineering Courses Offered by The Westfall Team

We Have All Been Here Before

Software Engineering

Software Quality Engineering Courses Offered by The Westfall Team

The Method Framework for Engineering System Architectures (MFESA)

Principles of Procurement for High- Technology Systems

Dr. Nader Mehravari Research Scientist, CERT Division

Software Engineering. Lecture 7: CMMI

MEASURING PROCESS CAPABILITY VERSUS ORGANIZATIONAL PROCESS MATURITY

Capability Maturity Model Integration (CMMI) V1.3 and Architecture-Centric Engineering

Probabilistic Macro-Architectural Decision Framework

NEW! The Project Manager & The Business Analyst. by Barbara A. Carkenord, CBAP, PMP, PMI-ACP

Best Practices for Service Providers And Clients: Improving and Assessing an Organization s Sourcing Capabilities DC SPIN May 2, 2012

2018 CMMI Institute 1

Architecture Support for Testing

SMART: Analyzing the Reuse Potential of Legacy Components in a Service-Oriented Architecture Environment

Integration and infrastructure software Executive brief May The business value of deploying WebSphere Portal software in an SOA environment.

Arcade Game Maker Pedagogical Product Line: Business Case

From Virtual System Integration to Incremental Lifecycle Assurance

The Potential for Lean Acquisition of Software Intensive Systems

A Taxonomy of Operational Risks

Transcription:

Acquisition Overview: The Challenges Rita Creel Robert J. Ellison June 2007 ABSTRACT: The challenges of acquiring software-intensive systems continue to grow along with the increasingly critical role software plays in supporting commercial and government enterprise, business, and mission needs. In addition to expanding functionality and complexity, mounting expectations for software systems to be flexible and interoperable add to acquisition challenges, notably in terms of ensuring their security. Acquisition is, in a sense, outsourcing the development of a system to one or more external providers. This does not relieve the acquirer of responsibility for the outcome. In fact, the activities, products, and behaviors of the acquirer have a significant influence on the success or failure of outsourcing activities. This fact is acknowledged in the appearance of CMMI-based guidelines for outsourcing [Hofmann 06] and the esourcing Capability Model, a best-practices capability model that has been developed for outsourcing IT-based business functions [Hefley 06]. One purpose of these models is to give client or acquisition organizations guidance on how to improve their own capabilities for participating in outsourcing or acquirer-supplier agreements. Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh, PA 15213-2612 Phone: 412-268-5800 Toll-free: 1-888-201-4479 The Acquisition content area of BSI is intended to raise awareness of the acquirer s role in building security in for major software-intensive systems. Assuring Software Systems Security: Life Cycle Considerations for Government Acquisitions discusses the integration of software security activities into the United States government acquisition life cycle. Building Security into the Business Acquisition Process provides an introduction to the standard IEEE 12207, Information Technology Software life cycle processes, which provides a framework covering the life cycle from conceptualization through retirement [IEEE/EIA 98a, 98b, 98c]. Use of 12207 can help ensure that security considerations are a central part of product selection, monitoring, and acceptance. Systemof-Systems Influences on Acquisition Strategy Development presents some recommendations for using an acquisition strategy to address sources of risk in systems of systems. System complexity and hence acquisition complexity is an aggregate of technology, scale, scope, operational, and organizational issues. For example, consider the initiation phase of the 12207: www.sei.cmu.edu

1. Prepare a concept or a need to acquire, develop, or enhance a product or service. 2. Prepare a set of requirements including relevant design, testing, and compliance standards. 3. Prepare a risk and cost-benefit analysis for acquisition. 4. Prepare a set of acceptance criteria and criteria for evaluation. 5. Prepare an acquisition plan based on requirements, analyses, and criteria. The dynamics of organizational usage increase the complexity of identifying requirements. While elicitation of functional requirements is essential, the primary system architectural drivers are increasingly the non-functional system attributes such as performance, flexibility, and security that enable the desired usage. The acquisition process must explicitly address those non-functional system properties. In addition, the development of an acquisition plan depends on more than the requirements, the risk and cost-benefit analysis, and the acceptance and evaluation criteria. The plan should be guided by an acquisition strategy that reflects decisions made with respect to a number of strategic issues. Such issues might include acquisition approach (e.g., incremental, evolutionary, agile), external interfaces, use of previously developed or commercial software, competition/solicitation approach, contracting approach, information assurance strategy, training, and support. Strategy drivers impact technical and acquisition requirements, risks, costs, acceptance criteria and approach, and all aspects of operations and sustainment. ACQUISITION CHALLENGES At the forefront of the challenges that strain today s acquisition practices is the increased scale of deployed systems, where scale is achieved not by building large individual systems but by using network-based integration protocols, such as web services, to integrate a collection of systems. It is software that enables a business work process or a military mission thread to span multiple systems and, increasingly, multiple organizations. The criteria for a successful system deployment includes not only measures for the services associated with that system but also measures for how that system interoperates with other systems to support the work processes or mission threads. 1 ACQUISITION OVERVIEW: THE CHALLENGES

Some of the ways that scale affects acquisition include diversity of users dynamics of usage increased importance of the non-functional requirements Diversity of Users Stakeholders who define the business needs for a new application or component can represent an equally complex range of organizational needs; they can be organizationally distributed and diverse, with conflicting, complex, and incomplete requirements. As more organizational functions are linked to share information, the technology that supports these functions is integrated to share data and support cross-functional activities. When the choices made by previously disconnected stakeholders are incompatible, poorly planned integration can leave gaps that provide opportunities for security problems. Dynamics of Usage Usage is not static. Today s systems must support a dynamic operating environment that is driven by evolving business goals and organizational needs. For example, a commercial organization must respond to market changes or regulatory demands. The successful deployment for Department of Defense systems increasingly depends on the ability to securely support very dynamic and networked operational usage that involves multiple and independently developed systems. Both the technologies used and changing operational environment raise security risks that are typically not addressed in current practice. Systems can also affect usage. New system functionality can change existing work processes, and it is not unusual over time for a system to be used in ways not anticipated in the initial design. Inconsistencies between designed and future usage can be sources for security problems. As we connect more systems and as that connectivity involves multiple organizations, we have less knowledge of the external dependencies that exist. The multiplicity of factors generates diverse requirements and frequently leads to inherently conflicting ones. There may be requirements that are vague at the start of a development and can only be specified after the dependencies among systems are better understood. Full understanding may come only after deployment and usage. Robust software security practices must be sustained throughout this concurrent evolution of interdependent systems. 2 ACQUISITION OVERVIEW: THE CHALLENGES

Non-Functional Requirements as Architectural Drivers An increasing number of essential business requirements such as those associated with business continuity or with rapidly changing work processes depend on system quality attributes such as availability, reliability, maintainability, and security. Today s software acquisition efforts focus primarily on functional requirements and capabilities and not on quality attributes. Most enterprise systems are relatively simple if we just consider the functionality because decades of use have refined the relevant design patterns, but the business drivers have also increased the importance of the non-functional attributes of the systems being acquired. The complexity arises because of the plethora of details regarding rules, policies, and non-functional requirements such as performance and security [Booch 05]. A challenge for role-based access control is dealing with inconsistent use of terms such as manager within a single organization and certainly across multiple organizations. A challenge for software development in general and certainly for acquisition is to capture those details in the acquisition process. Adaptability/flexibility is a good example of the importance of a non-functional attribute. There will be an increasing need to integrate new capabilities into a system while it is operating. New and different capabilities will be deployed, and unused capabilities will be dropped; the system will be evolving not in phases, but continuously. Software is touted for its flexibility in terms of meeting requirements, but that flexibility is fully available only at the start of development. Design choices to meet specific requirements can constrain other options and limit the ability to make changes after the system is deployed. The integration requirements for a system that must interoperate with existing systems can be dynamic, since the interfaces and usages associated with the existing systems may change before the new system is deployed. This adaptability drives significant requirements for security. Changes in usage or in the underlying technology may change the security threats. In addition, the continuing confrontation between the attacker and defender is dynamic. Improved defenses can lead to the use of new attack patterns to exploit other weaknesses. The analysis of system failures and of the risks of new attack patterns is a continuous activity. Other trends that raise the importance of the non-functional properties include Systems of systems: Systems are rarely stand-alone entities. A business work process or a military mission thread depends on integrating multiple systems into systems of systems. Management and operational control of the individual systems are decentralized. Security must now deal with differences in the risks profiles, risk mitigation strategies, and security policies among a collection of systems. 3 ACQUISITION OVERVIEW: THE CHALLENGES

Failures: Attackers often exploit a system s failure to properly manage errors, such as not validating user input. System development has typically concentrated on hardware failures, which in the past were a primary cause of failures. Now, increasingly more catastrophic system failures are the result of software or data input errors. System complexity increases the likelihood of errors that arise from mismatches in the operating assumptions among systems and hence raises the value of good error management for security. System interactions: Deployment of a new capability that is assembled from existing, operational software components may degrade the performance and security of the overall network of systems. Successful deployment depends not only on the behavior of the new capability itself but on its interactions with other components and systems in the environment. The newly deployed capability might generate unexpected contention for shared resources. An attacker may be able to generate a denial of service for a collection of systems by creating behavior on one system that is not tolerated by the other systems. Verification of new capabilities before deployment must consider such security risks. SUMMARY Acquirers must clearly identify and describe mission and business needs and both functional and non-functional requirements to prospective suppliers. They must develop an acquisition plan based on a strategy built around key drivers and risks with respect to cost, schedule, performance, and risk. Such drivers include issues of scale and emerging trends in software and system engineering. Acquirers must understand and document the criteria for accepting deliveries and the approach for verifying that the criteria are met. The acquirer must evaluate candidate suppliers abilities to deliver the needed capabilities, in the context of both functional and non-functional requirements. Once a supplier is selected, they must execute a well-defined approach to monitor progress toward delivery and to ensure that non-functional requirements, including security, are kept at the forefront throughout the acquisition life cycle. While the majority of the BSI content targets developers, some material is useful to the acquirer as well. Many of the issues raised in this introduction involve how systems are integrated to provide required capabilities. The Assembly, Integration, and Evolution content area and the more general material in the System Strategies content area provide a more detailed discussion of integration issues and security. The Architectural Risk Analysis content area is applicable to acqui- 4 ACQUISITION OVERVIEW: THE CHALLENGES

sition and the Security Testing content area provides fodder for acceptance and evaluation criteria. REFERENCES [Boehm 06] Boehm, Barry. Some Future Trends and Implications for Systems and Software Engineering Processes. Systems Engineering 9, 1 (Spring 2006): 1-19. [Booch 05] Booch, Grady. Architecture Web Log (2005). [Hefley 06] Hefley, William E. & Loesche, Ethel A. The escm-cl v1.1: Model Overview and The esourcing Capability Model for Client Organizations (escm-cl) v1.1. Information Technology Services Qualification Center, Carnegie Mellon University, 2006. [Hofmann 07] Hofmann, Hubert F.; Yedlin, Deborah K.; Mishler, John W.; & Kushner, Susan. CMMI(R) for Outsourcing: Guidelines for Software, Systems, and IT Acquisition. Boston, MA: Addison-Wesley, 2007. [IEEE/EIA 98a] IEEE/EIA. IEEE/EIA 12207.0-1996, Industry Implementation of International Standard ISO/IEC 12207: 1995, ISO/IEC 12207, Standard for Information Technology Software life cycle processes. New York: IEEE, March 1998. [IEEE/EIA 98b] IEEE/EIA. IEEE/EIA 12207.0-1996, Industry Implementation of International Standard ISO/IEC 12207: 1995, ISO/IEC 12207, Standard for Information Technology Software life cycle processes Life cycle data. New York: IEEE, April 1998. [IEEE/EIA 98c] IEEE/EIA. IEEE/EIA 12207.2-1997, Industry Implementation of International Standard ISO/IEC 12207: 1995, ISO/IEC 12207, Standard for Information Technology Software life cycle processes Implementation considerations. New York: IEEE, April 1998. 5 ACQUISITION OVERVIEW: THE CHALLENGES

[Maier 06] Maier, W. Mark. System and Software Architecture Reconciliation. Systems Engineering 9, 2 (2006): 146-158. [D&B 00] Dun & Bradstreet. Press Release about Barometer of Global Outsourcing Report, February 29, 2000. 6 ACQUISITION OVERVIEW: THE CHALLENGES

Copyright Carnegie Mellon University 2005-2012. This material is based upon work funded and supported by Department of Homeland Security under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Department of Homeland Security or the United States Department of Defense. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution except as restricted below. Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and No Warranty statements are included with all reproductions and derivative works. External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. * These restrictions do not apply to U.S. government entities. DM-0001120 7 ACQUISITION OVERVIEW: THE CHALLENGES

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback