Advanced Search

Content Type

Topics

Publication Date

Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions

Abstract

The United States Department of Defense (DoD) increasingly depends on networked software systems. One result of this dependency is an increase in attacks on both military and non-military systems as attackers look to exploit software vulnerabilities. Program acquisition offices are emphasizing information assurance to address various threats. The Defense Information Systems Agency (DISA) created the Application Security and Development Security Technical Implementation Guide (STIG) in response to DoD Directive 8500.IE, which establishes policies and assigns responsibilities for achieving DoD information assurance. That STIG provides guidance for information assurance and security throughout a program’s lifecycle, and it is specified as a requirement for DoD-developed, -architected, and -administered applications and systems that are connected to DoD networks. This technical note provides guidance to help DoD acquisition programs address software security in acquisitions. It provides background on the development of secure coding standards, sample request for proposal (RFP) language, and a mapping of the Application Security and Development STIG to the CERT® C Secure Coding Standard.

Cite This Report

Show Citation Formats

SEI

Morrow, Timothy; Seacord, Robert; Bergey, John; & Miller, Philip. Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions (CMU/SEI-2012-TN-016). Software Engineering Institute, Carnegie Mellon University, 2012. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033

IEEE

Morrow. Timothy, Seacord. Robert, Bergey. John, and Miller. Philip, "Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2012-TN-016, 2012. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033

APA

Morrow, Timothy., Seacord, Robert., Bergey, John., & Miller, Philip. (2012). Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions (CMU/SEI-2012-TN-016). Retrieved October 25, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033

CHI

Timothy Morrow, Robert Seacord, John Bergey, & Philip Miller. Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions (CMU/SEI-2012-TN-016). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2012. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033

MLA

Morrow, Timothy., Seacord, Robert., Bergey, John., & Miller, Philip. 2012. Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions (Technical Report CMU/SEI-2012-TN-016). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=28033