Acquisition Security Framework (ASF): Overview

Woody, Carol; Alberts, Christopher; Wallen, Charles; Bandor, Mike

Acquisition Security Framework (ASF): Overview

Active / Technical Report | Accesssion Number: AD1132173 |

Open PDF

Abstract:

ASF Goals; Integrate software security engineering practices into the acquisition lifecycle: Expand Acquisition Security Framework (ASF) Version 1.0 based on lessons learned from successful supply chain attacks (e.g., the SolarWinds attack): Incorporate DevSecOps concepts and principles into ASF V2.0 : Adapt system and software engineering measurement activities to include security where appropriate.

Author(s):

Woody, Carol ; Alberts, Christopher ; Wallen, Charles ; Bandor, Mike

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA

Funding Organization(s):

AIR FORCE LIFE CYCLE MANAGEMENT CENTER HANSCOM AFB MA, HANSCOM AFB , MA

Document Type:

Technical Report/Briefing Charts

Publication Date:

2021 May 05

Pagination:

29

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Identifying Numbers

Contract Number(s):

FA8702-15-D-0002

Subject Terms

Communities of Interest:

Biomedical

Descriptor(s):

acquisition, engineering, software development, public health, lessons learned, materials, security, supply chain, universities, department of defense, governments, guarantees, risk, risk management, business administration, health

Keyword(s):

asf(Acquisition Security Framework), incidents, solarwinds

Subject Categories:

Mathematical and Computer Sciences; Behavioral and Social Sciences

Creation Date:

2021 Jun 04

Update Date:

2021 Jul 28