Improving Security in Software Acquisition and Runtime Integration With Data Retention Specifications

Report Number: SYM-AM-16-042

Series: Acquisition Management

Category: Information Technology

Report Series: Symposium Proceedings

Authors: Daniel Smullen, Travis Breaux

Title: Improving Security in Software Acquisition and Runtime Integration With Data Retention Specifications

Published: 2016-05-01

Sponsored By: Acquisition Research Program

Status: Published--Unlimited Distribution

Research Type: Other Research Faculty

Full Text URL: http://www.acquisitionresearch.net/files/FY2016/SYM-AM-16-042.pdf

Keywords: Cybersecurity, software acquisition

Abstract:

The Department of Defense (DoD) Risk Management Framework (RMF) for IT systems is aligned with the National Institute for Standards and Technology (NIST) guidance for federal IT architectures, including emergent mobile and cloud-based platforms. This guidance serves as a prescriptive lifecycle for IT engineers to recognize, understand, and mitigate security risks. However, integrators are left with the challenge