- SSE Home
- Enterprise Development
- Developmental Test & Evaluation
- Software Engineering & System Assurance
- Assessments & Support
Guidance & Tools
The following guidance and tools are provided to assist defense acquisition professionals.
- Defense Acquisition Guidebook (DAG)
- Integrated Defense Acquisition, Technology, & Logistics Life Cycle Management Framework, Version 5.2 (2004)
- DoD 5200.1-M, Acquisition Systems Protection Program (March 16, 1994)
- Engineering for System Assurance, Version 1.0 (October 2008)
- Systems Engineering Guide for Systems of Systems, Version 1.0 (August 2008)
- CMMI® for Development (CMMI-DEV), Version 1.2 (August 2006)
- CMMI® for Acquisition (CMMI-ACQ) Primer, Version 1.2 (May 2008)
- CMMI® for Acquisition (CMMI-ACQ), Version 1.2 (November 2007)
- Understanding and Leveraging a Supplier's CMMI Efforts: A Guidebook for Acquirers
- ISO/IEC 12207: Systems and Software Engineering—Software Life Cycle Processes
- ISO/IEC 15288: Systems and Software Engineering—Systems Life Cycle Processes
- ISO/IEC 26702: Systems Engineering—Application and Management of the SE Process
Defense
Acquisition Guidebook (DAG)
The Undersecretary of Defense (Acquisition, Technology and Logistics)
directed the development of this virtual Defense Acquisition Guidebook
to assist the DoD acquisition workforce in using and understanding
the DoD Acquisition Policies, and the guidance associated with those
policies. This site provides the following multi-view perspectives
to help the user easily navigate policy and discretionary best practice
documents: document, life cycle framework, and functional/topic.
DAG Chapter 7, Acquiring Information Technology
and National Security Systems
This chapter contains 10 sections that present the Program Manager
with a comprehensive review of topics, concepts, and activities associated
with the acquisition of Information Technology and National Security
Systems. Topics of interest include interoperability and supportability
of information technology and national security systems and information
assurance.
DAG Chapter 8, Intelligence, Counterintelligence,
and Security Support
This chapter contains 6 sections that focus Program Manager attention
on and describe Program Manager responsibilities regarding the prevention
of inadvertent technology transfer of dual-use and leading edge military
technologies that support future defense platforms and DoD capabilities-based
military strategies; and, 2) to provide guidance and describe support
available for protecting those technologies including system security
engineering, anti-tamper (AT), and information assurance.
Integrated
Defense Acquisition, Technology, & Logistics Life Cycle Management
Framework, Version 5.2 (2004)
The Integrated Defense Acquisition, Technology and Logistics Life Cycle
Management Framework Chart is an essential aid for defense acquisition
professionals, and a workflow learning tool for AT&L professionals
and Defense Acquisition University (DAU) courses. It serves as
a pictorial roadmap of most key activities in the systems acquisition
process. The chart is based on information in the Defense Acquisition
Guidebook and key DoD policy documents such as the 5000 Series and
CJCS instructions, and illustrates the interaction of the following
three major decision support systems:
- Capabilities Development (Joint Capabilities Integration & Development System (JCIDS)
- Acquisition Management (Defense Acquisition System)
- Planning, Programming, Budgeting and Execution (PPBE) Process
DoD 5200.1-M, Acquisition
Systems Protection Program (March 16, 1994)
This Manual is issued under the authority of DoD Directive 5200.1,
DoD Information Security Program, June 7, 1982. The protection standards
and guidance described within this Manual are required to prevent foreign
intelligence collection and unauthorized disclosure of essential program
information, technologies and/or systems during the DoD acquisition
process. The goal of the program is to selectively and effectively
apply security countermeasures to protect essential information, reduce
costs, and reduce administrative burden of security.
Engineering
for System Assurance, Version 1.0 (October 2008)
This guidebook provides process and technology guidance to increase the level of system
assurance. This guidebook is intended primarily to aid program managers (PMs) and systems
engineers (SEs) who are seeking guidance on how to incorporate assurance measures into their
system life cycles. Assurance for security must be integrated into the systems engineering activities to be cost-effective, timely, and consistent. This
guidebook is a synthesis of knowledge gained from existing practices, recommendations, policies,
and mandates. System assurance activities are executed throughout the system life cycle.
This guidebook is organized based on ISO/IEC 15288:2008, Systems and software
engineering – System life cycle processes. While there are other life cycle frameworks, this
ISO/IEC standard combines a suitably encompassing nature while also providing sufficient
specifics to drive system assurance. Those who use other life cycle frameworks should find it
easy to map their frameworks to the ISO framework. This guidebook also provides an assurance guidance section for use by the U.S. Department
of Defense (DoD) and DoD contractors and subcontractors. This information is
organized according to phases of the DoD Integrated Defense Acquisition, Technology and
Logistics Life Cycle Management Framework discussed in DoD Directive 5000.1, DoD
Instruction 5000.2, and the Defense Acquisition Guidebook (DAG) system life cycle.
Systems Engineering Guide for Systems of Systems, Version 1.0 (August 2008)
Systems engineering (SE) is recognized as a key contributor to successful systems acquisition and is equally important for systems of systems (SoS). This guide examines the SoS environment as it exists in the DoD today and the challenges it poses for systems engineering. It identifies seven core SoS SE elements needed to evolve and sustain SoS capabilities and it provides insights on the 16 DoD Technical Management Processes and Technical Processes presented in the Defense Acquisition Guidebook Chapter 4 Systems Engineering as they support SE in the context of SoS. The Department recognizes that this guide only begins to address the broad set of SoS SE challenges. Subsequent versions of the guide will increase in scope and detail. This guide assumes an understanding of SE and is intended as a reference only and not as a comprehensive SE manual.
CMMI
for Development (CMMI-DEV), Version 1.2 (August 2006)
CMMI® (Capability Maturity Model® Integration) is a process
improvement maturity model for the development of products and services.
It consists of best practices that address development and maintenance
activities that cover the product lifecycle from conception through
delivery and maintenance. This latest iteration of the model as represented
herein integrates bodies of knowledge that are essential for development
and maintenance, but that have been addressed separately in the past,
such as software engineering, systems engineering, hardware and design
engineering, the engineering "-ilities" and acquisition.
The prior designations of CMMI for systems engineering and software
engineering (CMMI-SE/SW) are superseded by the title "CMMI for
Development" to truly reflect the comprehensive integration of
these bodies of knowledge and the application of the model within the
organization. CMMI for Development (CMMI-DEV) provides a comprehensive
integrated solution for development and maintenance activities applied
to products and services.
CMMI® for Acquisition Primer, Version 1.2 (May 2008)
Using best practices from the CMMI® (Capability Maturity Model® Integration) for Acquisition (CMMI-ACQ) model, this primer defines effective and efficient practices for acquisition projects. These best practices address activities that include monitoring and controlling contractors and suppliers that develop products and services and deliver services. The practices in this primer provide a foundation for acquisition process discipline and rigor that enables product and service development and service delivery to be repeatedly executed for ultimate acquisition success. This primer can be used by projects that acquire products or services in government and non-government organizations to improve acquisition processes. Selected content of the CMMI-ACQ model is used in this primer as a basis for helping readers unfamiliar with CMMI to begin their process improvement journey. After using this primer, most organizations will want to implement the CMMI-ACQ model. This primer can also be used by acquisition organizations that manage several related acquisition projects (e.g., product centers, acquisition commands) to establish an acquisition process improvement program. However, organizations at that level should consider using the CMMI-ACQ model instead because it includes organizational process management practices.
CMMI® for
Acquisition (CMMI-ACQ), Version 1.2 (November 2007)
The CMMI-ACQ model, developed by the DoD-sponsored Software Engineering
Institute, is designed for use in managing a supply chain by those
who acquire, procure, or otherwise select and purchase products and
services for business purposes. This model is a continuation of work
to define best practices for organizations that acquire products and
services or outsource development and support, which was work begun
in a partnership between General Motors and the SEI. CMMI-ACQ provides
guidance to acquisition organizations for initiating and managing the
acquisition of products and services that meet the needs of the customer.
The model focuses on acquirer processes and integrates bodies of knowledge
that are essential for successful acquisitions.
Understanding
and Leveraging a Supplier's CMMI® Efforts: A Guidebook for Acquirers (March
2007)
This guidebook was a major effort to help acquirers benefit from a
supplier's use of CMMI while avoiding the pitfalls associated with
unrealistic expectations. The Guidebook describes CMMI fundamentals
and gives the kind of information on maturity and capability ratings
that will help acquirers to effectively interpret information obtained
from a supplier's CMMI effort. It includes explanations of capability
and maturity levels and the differences between the two CMMI representations
(continuous and staged). It explains more obscure elements of CMMI,
such as equivalent staging, high maturity, capability levels, and other
terms and concepts that acquirers may encounter in proposals and in
everyday dealings with suppliers. Finally, it cautions acquirers and
users of CMMI that high maturity or capability ratings alone are not
a guarantee of program success.
ISO/IEC 12207: Systems and Software Engineering—Software
Life Cycle Processes (2008)
ISO/IEC 12207:2008 establishes a common framework for software life
cycle processes, with well-defined terminology, that can be referenced
by the software industry. It contains processes, activities, and tasks
that are to be applied during the acquisition of a software product
or service and during the supply, development, operation, maintenance
and disposal of software products. Software includes the software portion
of firmware. ISO/IEC 12207:2008 applies to the acquisition of systems
and software products and services, to the supply, development, operation,
maintenance, and disposal of software products and the software portion
of a system, whether performed internally or externally to an organization.
Those aspects of system definition needed to provide the context for
software products and services are included. ISO/IEC 12207:2008 also
provides a process that can be employed for defining, controlling,
and improving software life cycle processes. The processes, activities
and tasks of ISO/IEC 12207:2008 - either alone or in conjunction with
ISO/IEC 15288 - may also be applied during the acquisition of a system
that contains software. This standard is available for purchase via
ISO and agreement with IEEE.
ISO/IEC 15288: Systems and Software Engineering—Systems
Life Cycle Processes (2008)
ISO/IEC 15288:2008 establishes a common framework for describing the
life cycle of systems created by humans. It defines a set of processes
and associated terminology. These processes can be applied at any level
in the hierarchy of a system's structure. Selected sets of these processes
can be applied throughout the life cycle for managing and performing
the stages of a system's life cycle. This is accomplished through the
involvement of all interested parties, with the ultimate goal of achieving
customer satisfaction. ISO/IEC 15288:2008 also provides processes that
support the definition, control and improvement of the life cycle processes
used within an organization or a project. Organizations and projects
can use these life cycle processes when acquiring and supplying systems.
ISO/IEC 15288:2008 concerns those systems that are man-made and may
be configured with one or more of the following: hardware, software,
data, humans, processes (e.g., processes for providing service to users),
procedures (e.g., operator instructions), facilities, materials and
naturally occurring entities. When a system element is software, the
software life cycle processes documented in ISO/IEC 12207:2008 may
be used to implement that system element. ISO/IEC 15288:2008 and ISO/IEC
12207:2008 are harmonized for concurrent use on a single project or
in a single organization. This standard is available for purchase via
ISO and agreement with IEEE.
ISO/IEC 26702: Systems Engineering—Application and Management
of the SE Process (2007)
ISO/IEC 26702:2007 defines the interdisciplinary tasks which are required
throughout a system's life cycle to transform customer needs, requirements
and constraints into a system solution. In addition, it specifies the
requirements for the systems engineering process and its application
throughout the product life cycle. ISO/IEC 26702:2007 focuses on engineering
activities necessary to guide product development, while ensuring that
the product is properly designed to make it affordable to produce,
own, operate, maintain and eventually dispose of without undue risk
to health or the environment. It is an adoption of IEEE 1220. This
standard is available for purchase via ISO and agreement with IEEE.