Streamlining the Process of Acquiring Secure Open Architecture Software Systems

Abstract

The goal of this research was continuing to investigate a new approach to address challenges in the acquisition of secure open architecture (OA) software systems for the Department of Defense (DoD; Department of Defense Open Systems Architecture [DoDOSA], 2011). Program managers, acquisition officers, and contract managers will increasingly be called on to review and approve security measures employed during the design, implementation, and deployment of OA systems. Our efforts sought to make this a simpler, more transparent, and more tractable process. Such a process must be easy to reuse, adapt, and streamline for different system application domains in order to realize cost reductions and improve acquisition workforce capabilities. Our research described in this report focuses on two problems for acquisition research: (1) how best to acquire secure OA software systems that include reusable software product line components (Mactall & Spruill, 2012; Womble, Schmidt, Arendt, & Fain, 2011); and (2) how to articulate and streamline a process for identifying and reviewing the security of OA software systems. Our overall research results presented in the following chapter stipulate that the best ways to streamline the process for acquiring secure OA systems in line with DoD's Better Buying Power 2.0 (What is Better Buying Power? 2013) guidelines are those that: (a) encourage the adoption of open (source) business models; (b) provide open source models of acquisition processes; and (c) employ techniques for streamlining acquisition processes for secure OA systems through direct measurement and assessment of acquisition processes, redesign and evolution of acquisition processes, design of new acquisition processes specific to secure OA systems, and through employment of cost management as an element in the design of future OA system acquisition processes.