Software Engineering Institute

When systems are built under government contract, the acquirer and contractor share responsibility for the outcome, not only in terms of cost, schedule, and performance, but also with respect to quality attributes such as security. Using an acquisition life cycle framework, this article identifies acquirer activities, products, and resources that are necessary to establish and support contractor efforts to build secure software-intensive systems.