Security considerations in the acquisition of computer systems

Abstract

The paper describes Air Force System Security Memorandum (AFSSM) 5024, security considerations in the acquisition of computer systems, and how to go about a multidisciplinary approach for including security in any system development or acquisition. The AFSSM is a handbook for program managers providing guidance on developing security specifications for requests for proposals (RFP), including contract data requirements list (CDRL) and data items descriptions (DID). It also provides the delivery timing of resulting deliverables in the development life cycle. In addition to discussing the document, the paper describes some lessons learned from using the AFSSM's draft versions, the status of its development and its future use.<>