Acquisition

A primary objective for this content area is to raise acquirers’ awareness of their role in “building security in” for major software-intensive systems. The initial articles describe an acquisition life-cycle framework for security activities, products, and reviews and for selected acquisition contexts and life cycle phases. The authors provide additional guidance on methods and resources for acquirers to identify and manage security risks, with the goal of producing systems that are sufficiently robust to assure mission success.