print font size font_plus font_minus font_reset

Guidance & Tools

The following guidance and tools are provided to assist defense acquisition professionals.

Defense Acquisition Guidebook (DAG)
The Undersecretary of Defense (Acquisition, Technology and Logistics) directed the development of this virtual Defense Acquisition Guidebook to assist the DoD acquisition workforce in using and understanding the DoD Acquisition Policies, and the guidance associated with those policies. This site provides the following multi-view perspectives to help the user easily navigate policy and discretionary best practice documents: document, life cycle framework, and functional/topic.

DAG Chapter 7, Acquiring Information Technology and National Security Systems
This chapter contains 10 sections that present the Program Manager with a comprehensive review of topics, concepts, and activities associated with the acquisition of Information Technology and National Security Systems. Topics of interest include interoperability and supportability of information technology and national security systems and information assurance.

DAG Chapter 8, Intelligence, Counterintelligence, and Security Support
This chapter contains 6 sections that focus Program Manager attention on and describe Program Manager responsibilities regarding the prevention of inadvertent technology transfer of dual-use and leading edge military technologies that support future defense platforms and DoD capabilities-based military strategies; and, 2) to provide guidance and describe support available for protecting those technologies including system security engineering, anti-tamper (AT), and information assurance.

back to top

Integrated Defense Acquisition, Technology, & Logistics Life Cycle Management Framework, Version 5.2 (2004)
The Integrated Defense Acquisition, Technology and Logistics Life Cycle Management Framework Chart is an essential aid for defense acquisition professionals, and a workflow learning tool for AT&L professionals and Defense Acquisition University (DAU) courses.  It serves as a pictorial roadmap of most key activities in the systems acquisition process.  The chart is based on information in the Defense Acquisition Guidebook and key DoD policy documents such as the 5000 Series and CJCS instructions, and illustrates the interaction of the following three major decision support systems:

  • Capabilities Development (Joint Capabilities Integration & Development System (JCIDS)
  • Acquisition Management (Defense Acquisition System)
  • Planning, Programming, Budgeting and Execution (PPBE) Process

back to top

DoD 5200.1-M, Acquisition Systems Protection Program (March 16, 1994)
This Manual is issued under the authority of DoD Directive 5200.1, DoD Information Security Program, June 7, 1982. The protection standards and guidance described within this Manual are required to prevent foreign intelligence collection and unauthorized disclosure of essential program information, technologies and/or systems during the DoD acquisition process. The goal of the program is to selectively and effectively apply security countermeasures to protect essential information, reduce costs, and reduce administrative burden of security.

back to top

Engineering for System Assurance, Version 1.0 (October 2008)
This guidebook provides process and technology guidance to increase the level of system assurance. This guidebook is intended primarily to aid program managers (PMs) and systems engineers (SEs) who are seeking guidance on how to incorporate assurance measures into their system life cycles. Assurance for security must be integrated into the systems engineering activities to be cost-effective, timely, and consistent. This guidebook is a synthesis of knowledge gained from existing practices, recommendations, policies, and mandates. System assurance activities are executed throughout the system life cycle. This guidebook is organized based on ISO/IEC 15288:2008, Systems and software engineering – System life cycle processes. While there are other life cycle frameworks, this ISO/IEC standard combines a suitably encompassing nature while also providing sufficient specifics to drive system assurance. Those who use other life cycle frameworks should find it easy to map their frameworks to the ISO framework. This guidebook also provides an assurance guidance section for use by the U.S. Department of Defense (DoD) and DoD contractors and subcontractors. This information is organized according to phases of the DoD Integrated Defense Acquisition, Technology and Logistics Life Cycle Management Framework discussed in DoD Directive 5000.1, DoD Instruction 5000.2, and the Defense Acquisition Guidebook (DAG) system life cycle.

back to top

Systems Engineering Guide for Systems of Systems, Version 1.0 (August 2008)
Systems engineering (SE) is recognized as a key contributor to successful systems acquisition and is equally important for systems of systems (SoS). This guide examines the SoS environment as it exists in the DoD today and the challenges it poses for systems engineering. It identifies seven core SoS SE elements needed to evolve and sustain SoS capabilities and it provides insights on the 16 DoD Technical Management Processes and Technical Processes presented in the Defense Acquisition Guidebook Chapter 4 Systems Engineering as they support SE in the context of SoS. The Department recognizes that this guide only begins to address the broad set of SoS SE challenges. Subsequent versions of the guide will increase in scope and detail. This guide assumes an understanding of SE and is intended as a reference only and not as a comprehensive SE manual.

back to top

CMMI for Development (CMMI-DEV), Version 1.2 (August 2006)
CMMI® (Capability Maturity Model® Integration) is a process improvement maturity model for the development of products and services. It consists of best practices that address development and maintenance activities that cover the product lifecycle from conception through delivery and maintenance. This latest iteration of the model as represented herein integrates bodies of knowledge that are essential for development and maintenance, but that have been addressed separately in the past, such as software engineering, systems engineering, hardware and design engineering, the engineering "-ilities" and acquisition. The prior designations of CMMI for systems engineering and software engineering (CMMI-SE/SW) are superseded by the title "CMMI for Development" to truly reflect the comprehensive integration of these bodies of knowledge and the application of the model within the organization. CMMI for Development (CMMI-DEV) provides a comprehensive integrated solution for development and maintenance activities applied to products and services.

back to top

CMMI® for Acquisition Primer, Version 1.2 (May 2008)
Using best practices from the CMMI® (Capability Maturity Model® Integration) for Acquisition (CMMI-ACQ) model, this primer defines effective and efficient practices for acquisition projects. These best practices address activities that include monitoring and controlling contractors and suppliers that develop products and services and deliver services. The practices in this primer provide a foundation for acquisition process discipline and rigor that enables product and service development and service delivery to be repeatedly executed for ultimate acquisition success. This primer can be used by projects that acquire products or services in government and non-government organizations to improve acquisition processes. Selected content of the CMMI-ACQ model is used in this primer as a basis for helping readers unfamiliar with CMMI to begin their process improvement journey. After using this primer, most organizations will want to implement the CMMI-ACQ model. This primer can also be used by acquisition organizations that manage several related acquisition projects (e.g., product centers, acquisition commands) to establish an acquisition process improvement program. However, organizations at that level should consider using the CMMI-ACQ model instead because it includes organizational process management practices.

back to top

CMMI® for Acquisition (CMMI-ACQ), Version 1.2 (November 2007)
The CMMI-ACQ model, developed by the DoD-sponsored Software Engineering Institute, is designed for use in managing a supply chain by those who acquire, procure, or otherwise select and purchase products and services for business purposes. This model is a continuation of work to define best practices for organizations that acquire products and services or outsource development and support, which was work begun in a partnership between General Motors and the SEI. CMMI-ACQ provides guidance to acquisition organizations for initiating and managing the acquisition of products and services that meet the needs of the customer. The model focuses on acquirer processes and integrates bodies of knowledge that are essential for successful acquisitions.

back to top

Understanding and Leveraging a Supplier's CMMI® Efforts: A Guidebook for Acquirers (March 2007)
This guidebook was a major effort to help acquirers benefit from a supplier's use of CMMI while avoiding the pitfalls associated with unrealistic expectations. The Guidebook describes CMMI fundamentals and gives the kind of information on maturity and capability ratings that will help acquirers to effectively interpret information obtained from a supplier's CMMI effort. It includes explanations of capability and maturity levels and the differences between the two CMMI representations (continuous and staged). It explains more obscure elements of CMMI, such as equivalent staging, high maturity, capability levels, and other terms and concepts that acquirers may encounter in proposals and in everyday dealings with suppliers. Finally, it cautions acquirers and users of CMMI that high maturity or capability ratings alone are not a guarantee of program success.

back to top

ISO/IEC 12207: Systems and Software Engineering—Software Life Cycle Processes (2008)
ISO/IEC 12207:2008 establishes a common framework for software life cycle processes, with well-defined terminology, that can be referenced by the software industry. It contains processes, activities, and tasks that are to be applied during the acquisition of a software product or service and during the supply, development, operation, maintenance and disposal of software products. Software includes the software portion of firmware. ISO/IEC 12207:2008 applies to the acquisition of systems and software products and services, to the supply, development, operation, maintenance, and disposal of software products and the software portion of a system, whether performed internally or externally to an organization. Those aspects of system definition needed to provide the context for software products and services are included. ISO/IEC 12207:2008 also provides a process that can be employed for defining, controlling, and improving software life cycle processes. The processes, activities and tasks of ISO/IEC 12207:2008 - either alone or in conjunction with ISO/IEC 15288 - may also be applied during the acquisition of a system that contains software. This standard is available for purchase via ISO and agreement with IEEE.

back to top

ISO/IEC 15288: Systems and Software Engineering—Systems Life Cycle Processes (2008)
ISO/IEC 15288:2008 establishes a common framework for describing the life cycle of systems created by humans. It defines a set of processes and associated terminology. These processes can be applied at any level in the hierarchy of a system's structure. Selected sets of these processes can be applied throughout the life cycle for managing and performing the stages of a system's life cycle. This is accomplished through the involvement of all interested parties, with the ultimate goal of achieving customer satisfaction. ISO/IEC 15288:2008 also provides processes that support the definition, control and improvement of the life cycle processes used within an organization or a project. Organizations and projects can use these life cycle processes when acquiring and supplying systems. ISO/IEC 15288:2008 concerns those systems that are man-made and may be configured with one or more of the following: hardware, software, data, humans, processes (e.g., processes for providing service to users), procedures (e.g., operator instructions), facilities, materials and naturally occurring entities. When a system element is software, the software life cycle processes documented in ISO/IEC 12207:2008 may be used to implement that system element. ISO/IEC 15288:2008 and ISO/IEC 12207:2008 are harmonized for concurrent use on a single project or in a single organization. This standard is available for purchase via ISO and agreement with IEEE.

back to top

ISO/IEC 26702: Systems Engineering—Application and Management of the SE Process (2007)
ISO/IEC 26702:2007 defines the interdisciplinary tasks which are required throughout a system's life cycle to transform customer needs, requirements and constraints into a system solution. In addition, it specifies the requirements for the systems engineering process and its application throughout the product life cycle. ISO/IEC 26702:2007 focuses on engineering activities necessary to guide product development, while ensuring that the product is properly designed to make it affordable to produce, own, operate, maintain and eventually dispose of without undue risk to health or the environment. It is an adoption of IEEE 1220. This standard is available for purchase via ISO and agreement with IEEE.

back to top