• SwA Communities
• SwA Forums & Working Groups
• Workforce Education & Training
•     - Activities
•     - Resources
•     - Collaborations
•     - Licensing and Certification
• Processes & Practices
•     - Activities
•     - Resources
•     - Collaborations
• Technology & Tools
•     - Activities
•     - Resources
•     - Collaborations & Research
• Acquisition & Outsourcing
•     - Activities
•     - Resources
•     - Collaborations
• Measurement & Business Case
•     - Activities
•     - Resources
•     - Business Case
•     - Collaborations & Examples
•     - Resources
• Malware & Cyber Observables
•     - Activities
•     - Resources
• Resilient Software
• SwA Market Place
• SwA Landscape
• SwA Ecosystem
• Security Automation & Measurement
• Build Security In

Acquisition and Outsourcing Working Group

Activities

Software Assurance (SwA) in Acquisition: Mitigating Risks to the Enterprise provides information on how to incorporate SwA considerations in key decisions and how to exercise due diligence throughout the acquisition process relative to potential risk exposures that could be introduced by the supply chain. It includes

• practices that enhance SwA in the purchasing process
• due diligence questionnaires designed to support risk mitigation efforts by eliciting information about the software supply chain (these are also provided in Word format so they can be customized)
• sample contract provisions
• sample language to include in statements of work

A general acquisition process and its associated acquisition phases are used in the document to organize the discussion of SwA considerations throughout the acquisition process.

We developed two SwA in Acquisition and Outsourcing pocket guides from this document: 

• Software Assurance in Acquisition and Contract Language
• Software Supply Chain Risk Management and Due Diligence

Please send us your feedback on this document and the above pocket guides.

 

Contact Us Terms of Use Privacy Policy Sitemap Get a PDF Reader ©2013 Department of Homeland Security