Note: This page is part of the archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact if you have any questions about the US-CERT website archive.


A primary objective for this content area is to raise acquirers’ awareness of their role in “building security in” for major software-intensive systems. The initial articles describe an acquisition life-cycle framework for security activities, products, and reviews and for selected acquisition contexts and life cycle phases. The authors provide additional guidance on methods and resources for acquirers to identify and manage security risks, with the goal of producing systems that are sufficiently robust to assure mission success.