Tuesday, May 11, 2010

Systems Assurance Guidebook

In 2008 the National Defense Industrial Association (NDIA) published a systems assurance [SA] guidebook entitled "Engineering for Systems Assurance".

From the executive summary, the threat:
"For decades, industry and defense organizations have tried to build affordable, secure, and trustworthy systems. Despite significant strides towards this goal, there is ample evidence that adversaries retain their ability to compromise systems"

And this definition of SA:
"System Assurance is the justified confidence that the system functions as intended, and is free of exploitable vulnerabilities...."

An article in this month's Crosstalk, the journal of defense software engineering, discusses how SA fits into the DoD's program acquisition framework, the general lifecycle of large-scale programs [projects] in the DoD.

The whole concept is built around an idea called an "assurance case". In the case, the program manager and system engineer assert, with proof, that the functions are indeed free of exploitable vulnerabilities.

Frankly, it's good to know that someone is on the case! What with China, Google, and a host of others including the social networks, SA is more important than ever before. The guidebook is worth a read.
