CMMI for Acquisition and CMMI for Development: Potential Favorable Contributors to the Rapid Acquisition of IT Systems in Support of Public Law 111

Similar documents
CMMI for Acquisition Quick Reference

DoD IT Acquisition Reform

Comparing Scrum And CMMI

What s New in V1.3. Judah Mogilensky Process Enhancement Partners, Inc.

Managing a Project and Keeping Sane While Wrestling Elegantly With PMBOK, Scrum and CMMI (Together or Any Combination)

Quest 2015 Webinar Series:

Introduction to Software Product Lines Patrick Donohoe Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

SCRUM and the CMMI. The Wolf and the Lamb shall Feed Together

A Global Overview of The Structure

A Case Study: Experiences with Agile and Lean Principles

Highlights of CMMI and SCAMPI 1.2 Changes

Designing the Infrastructure for an Enterprise IT System

Patricia A Eglin David Consulting Group

Adapting Agile to the. Framework. Mary Ann Lapham, PMP, CSM Principal Engineer Software Engineering Institute

9/24/2011 Sof o tw t a w re e P roc o e c s e s s s Mo M d o e d l e s l 1 Wh W a h t t i s i s a Pr P oc o ess s 2 1

Software Process Assessment

Update Observations of the Relationships between CMMI and ISO 9001:2000

Lesson Learned from Cross Constellations and Multi Models Process Improvement Initiatives

CARNEGIE MELLON UNIVERSITY

Teuvo Suntio. Quality Development Tools. Professor of Power Electronics at University of Oulu. Electronic System Design A TS Rev. 1.

Using CMMI. Type of Work. IT solution development Software development IT solution integration IT solution deployment

Complexity and Software: How to Meet the Challenge. NDIA CMMI Technology Conference

Acquisition Overview: The Challenges

CC and CMMI. An Approach to Integrate CC with Development

CERT Resilience Management Model, Version 1.2

CMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide

CMMI for Services (CMMI -SVC) Process Areas

DORNERWORKS QUALITY SYSTEM

Practical Application of the CMMI for Building a Strong Project Management Infrastructure

CMMI A-Specification. Version 1.7. November, For CMMI Version 1.2. This document is controlled by the CMMI Steering Group.

How to Assure your Subcontractors Quality with Cross Constellations and Multi Models Inspiration Continues Process Improvement Initiatives

CMMI Version 1.2. Model Changes

Agile In Government: A Research Agenda for Agile Software Development

Leveraging Your Service Quality Using ITIL V3, ISO and CMMI-SVC. Monday Half-Day Tutorial

CMMI for Services Quick Reference

CMMI for Acquisition (CMMI-ACQ) Primer, Version 1.2

Software technology 3. Process improvement models. BSc Course Dr. Katalin Balla

Improving Acquisition in Government Requirements Management Leading Practices: CMMI-ACQ Visualization

System Engineering Process Improvement using the CMMI in Large Space Programs

MTAT Software Engineering Management

Understanding and Leveraging a Supplier s CMMI Efforts: A Guidebook for Acquirers (Revised for V1.3)

8. CMMI Standards and Certifications

Incremental Lifecycle Assurance of Critical Systems

CMM,,mproving and,ntegrating

Achieving Agility and Stability in Large-Scale Software Development. Ipek Ozkaya Senior Researcher, Research, Technology, and System Solutions Program

USAF Software Technology Support Center (STSC) STSC SPI Help Desk COM , DSN

Architecture Support for Testing

Relationship between CMMI Maturity Levels and ISO/IEC Processes Capability Profiles

CMMI SM Mini- Assessments

Oh No, DevOps is Tough to Implement!

AF Systems Engineering Assessment Model (AF SEAM) George Richard Freeman

CMMI for Acquisition (CMMI-ACQ) Primer, Version 1.2

CMMI Version 1.3: Are you Ready for Release?

CMMI for Technical Staff

Bill Smith, CEO Leading Edge Process Consultants LLC

CMMI-SVC: A Cost-Effective Approach to Early Use

Driving Out Technical Risk by Blending Architecture, Process, and Project Discipline

Strategies for Transitioning to CMMI-SVC

SCAMPI V1.1 Method Overview

Chapter 26 Process improvement

Marilyn Ginsberg-Finner Northrop Grumman Corporation

The Smart Grid Maturity Model & The Smart Grid Interoperability Maturity Model. #GridInterop

Capability Maturity Model Integration (CMMI) V1.3 and Architecture-Centric Engineering

SOFTWARE ENGINEERING SOFTWARE PROCESS. Saulius Ragaišis.

Risk and Resilience: Considerations for Information Security Risk Assessment and Management

Supplier s s Perspective on

CERT Resilience Management Model, Version 1.2

CMMI for Services (CMMI-SVC): Current State

Measuring What Matters Lisa Young

Software Project Management Sixth Edition. Chapter Software process quality

CMMI Capability Maturity Model Integration [CMU SEI]

Development and Validation of a Systems Engineering Competency Model

Generating Supportive Hypotheses

UNCLASSIFIED. DoD Cyber Excepted Service (CES) Personnel System. Leaders Orientation. DoD CIO UNCLASSIFIED

Effective Reduction of Avoidable Complexity in Embedded Systems

Achieving Acquisition Excellence via Improving the Systems- Engineering Workforce

CMMI-SVC V1.3 CMMI for Services Version 1.3 Quick Reference Guide

Acquisition & Management Concerns for Agile Use in Government Series. Agile Development and DoD Acquisitions

Engineering. CMMI for Development V.1.2 Module 3. M03/Engineering/v1.2

The Business Case for Systems Engineering: Comparison of Defense-Domain and Non- Defense Projects

CMMI Current State. Bob Rassa Industry CMMI Chair, Raytheon. Clyde Chittister Chief Operating Officer, Software Engineering Institute

What Metrics Should a CSIRT Collect to Measure. Success?

Defining a Maturity Scale for Governing Operational Resilience

A Real-Life Example of Appraising and Interpreting CMMI Services Maturity Level 2

Identifying Acquisition Patterns of Failure Using Systems Archetypes

The Business Case for Systems Engineering: Comparison of Defense-Domain and Non- Defense Projects

CMMI for Services: Re-introducing the CMMI for Services Constellation

The Issue of Performance Why Do you need a Maturity Level 5. Achieving the Organizational Business Objectives Through Optimized Operational Processes

Architecture-Centric Procurement

Supporting Safety Evaluation Process using AADL

UNCLASSIFIED OSD RDT&E BUDGET ITEM JUSTIFICATION (R2 Exhibit)

One if by Land, Two if by Sea

It Takes an Ecosystem Gary Chastek John D. McGregor

Acquisition Domain: Leading Transformation

Succeed with Agile at Scale

CMMI for Services (CMMI-SVC): Current State

Continuous Iterative Development and Deployment Practices

Beyond Service Management: The Next Performance Advantage for All Disciplines

Methodology for the Cost Benefit Analysis of a Large Scale Multi-phasic Software Enterprise Migration

Transcription:

CMMI for Acquisition and CMMI for Development: Potential Favorable Contributors to the Rapid Acquisition of IT Systems in Support of Public Law 111 National Defense Industrial Association November 14-17, 2011 Dr. Kenneth E. Nidiffer Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 703-908-1117

Overview Background Overview of Proposed Changes Challenges Summary This presentation focuses on the past, present, and future of IT acquisitions Source: SEI 2 2

What is the Information Technology (IT) Environment? Includes all System of Systems Architecture Services Networked Hardware/ Platforms People who digitally connect to cyberspace Source: SEI Often difficult to distinguish IT systems from other! types of systems because they are networked systems! 3

Examples of Emerging Ultra-Large IT Systems Source: www.sei.cmu.edu/uls 4

Optimizing Information Technology* Adaptable IT Infrastructure Center on - Cloud Computing - Common Services - Network/Desktop Consolidation Streamlined IT Acquisition Processes Robust Cyber Security Implementation Information Sharing Approaches Information Assurance Renewed Focus on Using Facilities on Reducing Overall Environment Consumption (e.g., power, space, cooling) * Partial List Sources: Department of Defense (DoD) Chief Information Officer (CIO) Campaign Plan Baseline (Oct, 2011) and SEI Discussions with CIOs (2010) 5

Acquisition: IT Systems are Different from a Weapon System and Critical to Enable a more Resilient Cyber Environment Weapon Systems Weapon platform centric Military unique requirements Development of militaryunique, breakthrough technologies Development cycle of decade or more Production decisions for unique hardware Service lives extending into decades IT Systems Enterprise network centric Adapt commercial capabilities for military needs Leverage commercial technologies Technology cycle 12-18 months Procure commodity hardware Periodic technology refresh to avoid obsolescence Demand Different Acquisition Life Cycles and Processes Sources: IT Acquisition Reform Task Force/MITRE Corporation 6

DoD IT Acquisition Cycle Time - 32 MAIS Planning Phase Milestone B Build Phase Initial Operational Capability Analysis of Alternatives 43 Economic Analysis 40 48 Development MS C Test 5 91 Cycle Time Driven by Processes Developed to Counter a Cold War Adversary In Industrial Age Society Source: Defense Science Board Report, March 2009 7

The Opportunities MAIS Program Avg = 91 Months Adaptability Speed Agility Previous DEPSECDEF Bill Lynn established a new goal: 18 months Source: A New Approach for Delivering IT Capabilities in DoD, Report to Congress, November 2010 8

IT Acquisition Reform Imperative Develop and Implement a new process for Acquiring IT (FY10 NDAA* Section 804) HASC** Panel on Defense Acquisition Reform Finding and Recommendations (23 March 2010) Defense Science Board Jan 09 Integrating COTS Mar 09 IT Acquisition Apr 09 Fix the Acq process Jul 09 Rapid Acquisition Industry Associations AFEI, TechAmerica, National Academies - Achieving Effective Acq of IT in DoD 2010 Business Leads Aug 08 Joint DISA IT Review Improve DoD IT Acquisition 25-Pt Implementation Plan to Reform Federal IT Management Vivek Kundra, U.S. CIO, December 9, 2010 First step [for DoD to succeed in delivery of IT] is to acknowledge that simply tailoring the existing processes in not sufficient (National Research Council, DEC 2009) NDAA: National Defense Authorization Act ; HASC: House Armed Services Committee; AFEI: Association for Enterprise Information; DISA: Defense Information Systems Agency 9 9

Defense Science Board Report & Public Law 111 (Section 804) 2010 National Defense Authorization Act Selected Statements (paraphrased): NEW ACQUISITION PROCESS REQUIRED -The Secretary of Defense shall develop and implement a new acquisition process for information technology systems To the extent determined by the Secretary, be based on the recommendations in Chapter 6 of the March 2009 report of the DSB Task Force on DoD and Procedures for the Acquisition of Information Technology 10 10

A New Acquisition Process for Information Technology Source: Defense Science Board Report, March 2009 11

Guiding Principles 1. Deliver Early and Often 2. Incremental and Iterative Development and Testing 3. Rationalized Requirements 4. Flexible/Tailored Processes 5. Knowledgeable and Experienced IT Workforce Sources: Defense Science Board Report, March 2009 and A New Approach for Delivering IT Capabilities in DoD, Report to Congress, November 2010 12

DOD Software Acquisition Process Improvement Programs, DoD Major Events, and Leadership Rotation Cohen Rumsfeld Gates 01-24-1997 to 01-20-2001 Pre-Public Law Actions-SSWG 01-20-2001 to 12-17-2006 12-17-2006 to Present OSD Policy for Systems Engineering Forum Established Feb 2, 2004 DoDD 5010.42 CPI/LSS May 15, 2008 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 OSD Software Intensive Systems Steering (SISSG) June 6, 2000 GAO Audit Reports Army Strategic Software Improvement Program Aug 18, 2002 OSD Guidance on Section 804 Mar 21, 2003 OSD Software Intensive Systems Steering (SISSG) June 11, 2003 OSD GAO Response Dec 21, 2004 Follow-up will be though SE Revitalization Air Force Software- Intensive Systems Strategic Improvement Program Jan 13, 2004 OSD GAO Response Dec 1, 2006 Follow-up Section 804 met under SE Revitalization No further reporting. Navy Software Process Improvement Program May 15, 2006 DOD Software Acquisition Training and Education Working Feb 2, 2008 Declared end of OSD Reporting on PL 107-314 DoD/NSA Establish Systems Engineering Research Center (SERC) Nov 24, 2008 OSD Tri-Service Assessments Initiative 1999-2003/4 GAO-01-116 Mar 2001 Report Public Law 107-314, Section 804 Dec 2, 2002 Source: OSD/AT&L GAO-04-393 Report July 2004 GAO-04-393 Follow-up Report July 2005 GAO-04-393 Follow-up Report July 2006 GAO-09-888 Sept 2009 Report Software Improvement Focus Systems Engineering Improvement Focus 13

An Effective Process for Major Defense Systems - but not very agile for IT Systems 14

Better Alignment: Three Major DoD Decision Support Systems Planning, Programming, Budgeting & Execution (PPBE) Effective Interaction Essential for Success Joint Capabilities Integration & Development System (JCIDS) Defense Acquisition System Big A Source: Defense Acquisition University Aug, 2010 15

Challenges: Information Technology (IT) Environment Source: www.sei.cmu.edu/uls 16

Rate of Adoption The Cyber Domain is Hotly Contested High Sophistication Low UNCLASSIFIED 17 Sophistication Required of Actors Declining back doors disabling audits exploiting known vulnerabilities password cracking self-replicating code password guessing Sophistication Of Available Tools Growing packet spoofing burglaries sniffers sweepers hijacking sessions 1980 1985 1990 1995 sophisticated C2 cross site scripting stealth / advanced scanning techniques denial of service distributed attack tools www attacks automated probes/scans GUI network mgmt. diagnostics Staging 17 next? Increased GIG Complexity and Dependence equates to lower entry barriers and potential for increased number of malicious actors Source: DoD Defensive measures are outpaced by the well resourced sophisticated threat... 17

Agile Development Process: A Building Block for Constructing Capabilities Agile methods emphasize early and continuous delivery of valuable products and services User immersion in development for clarification and feedback Iterative development Testing occurs throughout (instead of at the end) Working product is the primary measure of progress Sources: IT Acquisition Reform Task Force/MITRE Corporation 18 18

Agile is Not One-Size-Fits-All Note: The diagram which was created by the MITRE Corporation team on the IT Acquisition Task Force Initiative is only for illustrative purposes and not necessarily representative of any specific agile approach 19

Assessment Framework: CMMI -ACQ Source: SEI Source SEI 2007 20

CMMI -ACQ Categories and Process Areas Category Acquisition Process Management Project Management Support Process Area Agreement Management (AM) Acquisition Requirements Development (ARD) Acquisition Technical Management (ATM) Acquisition Validation (AVAL) Acquisition Verification (AVER) Solicitation and Supplier Agreement Development (SSAD) Organizational Innovation and Deployment (OID) Organizational Process Definition (OPD) Organizational Process Focus (OPF) Organizational Process Performance (OPP) Organizational Training (OT) Integrated Project Management (IPM) Project Monitoring and Control (PMC) Project Planning (PP) Quantitative Project Management (QPM) Requirements Management (REQM) Risk Management (RSKM) Causal Analysis and Resolution (CAR) Configuration Management (CM) Decision Analysis and Resolution (DAR) Measurement and Analysis (MA) Process and Product Quality Assurance (PPQA) CMMI -ACQ model was developed to codify best practices to help organizations improve acquisition processes CMMI reference models have gained significant traction across commercial and defense community and are widely used throughout world [CMMI Product Team 07] Source: SEI 21

CMMI -ACQ (V1.3) Project Planning Comparison* Project Planning PP CMMI Pratice Scrum Practice SG 1 Estimates of project planning parameters are established and maintained SP 1.1 Establish and maintain the acquisition strategy Concept of Operations or Scrum product vision SP 1.2 The standard tasks used in a Scrum process Establish a top-level WBS to estimate combined with specific project tasks (Scrum the scope of the roject Backlog) SP 1.3 SP 1.4 SP 1.5 Establish and maintain estimates of the attributes of the work products and tasks Define the project lifecycle phases on which to scope the planning effort Estimate the project effort and cost for the work products and tasks based on estimation rationale Story points, used to estimate the difficutly (or relative size) of a Story (requirement) The Scrum Process Scrum time estimate (similar to billable hours or Full Time Equivalents) SG 2 SP 2.1 A project plan is established and maintained as the basis for managing the project Establish and maintain the project's budget and schedule 1. Scrum estimates; 2. Estimates of what work will be in each release; 3. Sprint Backlog; 4. Project Taskboard Reference: N. Potter and M. Sakry, Implementing Scrum (Agile) and CMMI Together, March 2009 22

IT Compared with Other Sciences PHYSICAL SCIENCE BIOSCIENCE IT- COMPUTER/SOFTWARE/CYBER SCIENCE Origins/History Begun in antiquity Begun in antiquity Mid-20 th Century Enduring Laws Framework of Scientific Study R&D and Launch Cycle Laws are foundational to furthering exploration in the science Four main areas: astronomy, physics, chemistry, and earth sciences Laws are foundational to furthering exploration in the science Science of dealing with health maintenance and disease prevention/treatment Only mathematical laws have proven foundational to computation Several areas of study: computer science, software/ systems engineering, IT, HCI, social dynamics, AI All nodes attached to/relying on netted system 10-20 years 10-20 years Significantly compressed; solution time to market needs to happen very quickly Source: SEI HCI: Human Computer Interaction; AI: Artificial intelligence 23

Opportunity - 21 st Century Acquisition Workforce Acquisition Guidance, and Training Programs Need to Be Updated to Support the 21 st Century Acquisition Workforce Sources: DoD (AT&L) and SEI 24

Why are Software Intensive IT Projects Difficult? According to Fred Brooks software projects are difficult because of accidental and essential difficulties Accidental difficulties are caused by the current state of our understanding of methods, tools, and techniques of the underlying technology base Essential difficulties are caused by the inherent nature of software invisibility - lack of physical properties conformity changeability complexity Source: The Mythical Man-Month by Fred Brooks, Addison Wesley, 1995 25

Realities of Software Quality The flowchart might correspond to a 100 LOC module with a single loop that may be executed no more than 20 times. There are approximately 10 14 possible paths that may be executed! For any but the smallest programs, complete path coverage for defect detection is impractical. Loop < 20 times Lehman Laws: 1. The Law of Continuing Change programs must change to be useful 2. The Law of Increasing Complexity programs that change become more complex Source: Adapted from Pressman, R.S., Software Engineering: A Practitioner s Approach, Third Edition, McGraw Hill, 1992 26

Software Evolution and Maintenance Cost Is Increasing Year Proportion of software maintenance costs Definition 2000 >90% Software cost devoted to system maintenance & evolution / total software costs 1993 75% Software maintenance / information system budget (in Fortune 1000 companies) Erlikh (2000) Reference Eastwood (1993) 1990 >90% Software cost devoted to system maintenance & evolution / total software costs Moad (1990) 1990 60-70% Software maintenance / total management information systems (MIS) operating budgets Huff (1990) 1988 60-70% Software maintenance / total management information systems (MIS) operating budgets Port (1988) 1984 65-75% Effort spent on software maintenance / total available software engineering effort. McKee (1984) 1981 >50% Staff time spent on maintenance / total time (in 487 Lientz & Swanson (1981) organizations) 1979 67% Maintenance costs / total software costs Zelkowitz et al. (1979) Source: Jussi Koskinen, Department of Computer Science and Information Systems, University of Jyväskylä P.O. Box 35, 40014 Jyväskylä, Finland 27

Federal IT Market Growth In the next five years, IT contractors will see the federal market for their services increase by a compound annual growth rate of 5.4 percent to a total of $111.9 billion by 2015. -- Ben Bain Federal Computer Week April 8, 2010 28

Proposed Changes: Think and Perform Differently Watson's Avatar, Inspired by the IBM Smarter Planet" Logo CMMI for Acquisition and CMMI for Development Can Have a Potential Impact on the Rapid Acquisition of IT Systems Source: Wikipedia - IBM Watson: The Face of Watson on You Tube 29

Summary The IT Acquisition Task Force Initiative concepts may have to be quite radical to meet the IT Acquisition Reform Guiding Principles (Section 804)* Deliver Early and Often Be responsive to the users needs Incremental and Iterative Development and Testing Rationalized Requirements Balance user needs with constraints Flexible/Tailored Processes Customize to IT category Knowledgeable and Experience IT Workforce Understands IT uniqueness CMMI for Acquisition and CMMI for Development Can Have a Potential Impact on the Rapid Acquisition of IT Systems General acknowledgement that we can and must do better! Source: A New Approach for Delivering IT Capabilities in the DoD, Report to Congress, November 2010 30

Wrap Up 31

Contact Information Dr. Kenneth E. Nidiffer, Director of Strategic Plans for Government Programs Software Engineering Institute, Carnegie Mellon University Office: + 1 703-908-1117 Fax: + 1 703-908-9317 Email: nidiffer@sei.cmu.edu 32

This material is based upon work supported by the U.S. Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense. NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder. This presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. 33

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback