search menu icon-carat-right cmu-wordmark

Prototype Software Assurance Framework (SAF): Introduction and Overview

Technical Note
In this report, the authors discuss the Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2017-TN-001
DOI (Digital Object Identifier)
10.1184/R1/6582620.v1

Abstract

Software is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions also increase. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. The costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. Field experiences of technical staff at the Software Engineering Institute (SEI) indicate that few programs currently implement effective cybersecurity practices early in the acquisition lifecycle. Recent DoD directives are beginning to shift programs’ priorities regarding cybersecurity. As a result, researchers from the CERT Division of the SEI have started cataloging the cybersecurity practices needed to acquire, engineer, and field software-reliant systems that are acceptably secure.

This report introduces the prototype Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. The SAF can be used to assess an acquisition program’s current cybersecurity practices and chart a course for improvement, ultimately reducing the cybersecurity risk of deployed software-reliant systems. This report presents Version 0.2 of the SAF and features three pilot applications of it.

Cite This Technical Note

Alberts, C., & Woody, C. (2017, April 6). Prototype Software Assurance Framework (SAF): Introduction and Overview. (Technical Note CMU/SEI-2017-TN-001). Retrieved May 23, 2024, from https://doi.org/10.1184/R1/6582620.v1.

@techreport{alberts_2017,
author={Alberts, Christopher and Woody, Carol},
title={Prototype Software Assurance Framework (SAF): Introduction and Overview},
month={Apr},
year={2017},
number={CMU/SEI-2017-TN-001},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6582620.v1},
note={Accessed: 2024-May-23}
}

Alberts, Christopher, and Carol Woody. "Prototype Software Assurance Framework (SAF): Introduction and Overview." (CMU/SEI-2017-TN-001). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, April 6, 2017. https://doi.org/10.1184/R1/6582620.v1.

C. Alberts, and C. Woody, "Prototype Software Assurance Framework (SAF): Introduction and Overview," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2017-TN-001, 6-Apr-2017 [Online]. Available: https://doi.org/10.1184/R1/6582620.v1. [Accessed: 23-May-2024].

Alberts, Christopher, and Carol Woody. "Prototype Software Assurance Framework (SAF): Introduction and Overview." (Technical Note CMU/SEI-2017-TN-001). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 6 Apr. 2017. https://doi.org/10.1184/R1/6582620.v1. Accessed 23 May. 2024.

Alberts, Christopher; & Woody, Carol. Prototype Software Assurance Framework (SAF): Introduction and Overview. CMU/SEI-2017-TN-001. Software Engineering Institute. 2017. https://doi.org/10.1184/R1/6582620.v1