Presentation
Security in Large System Acquisition
Security in Large System Acquisition
| authors | ||
 |
Marshall Abrams | |
|
Joe Veoni | |
|
R. Kris Britton | |
 |
|
|
|
Presentation
Security in Large System Acquisition |
|||||||||||||||||
|
Large systems are typically composed of multiple hardware and software components. Most of the components are COTS products. All of the COTS components have security properties, as will the custom software, and the resultant system. Traditionally, incorporating security into the acquisition of these large systems and creating their system security requirements has been an “ad hoc” task. Resulting requirements often present a poor requirement framework from which to build and evolve the system and lack any record of rationale for decisions that have been made. While a security analysis would be valuable for future decision makers to consider when evolving the system, often there is no central repository of recorded security analysis that is kept throughout the life cycle from project inception through to the maintenance phase. This paper describes a method that has been adopted by the Federal Aviation Administration (FAA) for the National Airspace System (NAS) for developing security properties for large system acquisitions that can be used to support not only the acquisition process but can also be used through the lifecycle of the system. | ||||||||||||||||
|
|
|