search menu icon-carat-right cmu-wordmark

Addressing Supply Chain Risk and Resilience for Software-Reliant Systems

In this webcast, Carol Woody and Charles Wallen discuss the Acquisition Security Framework (ASF) and how the ASF provides a roadmap to help organizations build security and resilience into a system.

Software Engineering Institute



All technology acquired by an organization requires the support of (or integration with) components, tools, and services delivered by a diverse set of supply chains. However, the practices critical to addressing supply chain risks are typically scattered across many parts of the acquiring organization, and they are performed in isolated stovepipes. This situation causes inconsistencies, gaps, and slow response to crises. The Acquisition Security Framework (ASF) addresses this problem by combining leading cyber practices that help organizations manage supply chain risk and define the collaborations critical to securely acquiring, engineering, and operating software-reliant systems. The goals, practices, and processes that structure the ASF have been demonstrated as effective for managing risk and improving resilience. The ASF is consistent with published guidelines for supply chain risk management from ISO, NIST, and DHS.

What attendees will learn:

This webcast will introduce attendees to the ASF and demonstrate the ways in which the ASF provides a roadmap to help organizations build security and resilience into a system rather than “bolt on” these characteristics after deployment. The webcast will also examine how, following deployment, the ASF guides the ongoing management of system risk and resilience as the technology, threats, and requirements evolve over the system’s lifecycle.

ASF includes

  • leading security and resilience practices critical to supply chain risk management
  • a pathway for proactive process management that fosters effective collaboration across the range of stakeholders responsible for acquiring, developing, and deploying software-reliant systems

About the Speaker

Headshot of Carol Woody.

Carol Woody

Dr. Carol Woody has been a senior member of the technical staff since 2001. Currently she is the technical manager for the Cyber Security Engineering (CSE) team, whose research focuses on meeting the challenges of cyber security in acquisition, system and software engineering.  CSE is building capabilities in defining, acquiring, …

Read more
Headshot of Charles Wallen

Charles M. Wallen

Charles M. Wallen has been a thought leader in operations and IT risk management for over 20 years. He has provided consulting to public and private organizations, led industry-wide initiatives, and managed global operations risk management and governance programs at American Express and Bank of America.  

Charles works closely with …

Read more