Software Engineering Institute

Secure acquisition is a management/technical discipline that ensures the integrity of purchased systems and networks. Secure acquisition ensures that all purchasing risks and single points of failure are identified and mitigated to a sufficient level of satisfaction for all of the stakeholders up and down the supply chain. Secure acquisition is built around a strategic, enterprise level planning and control process and is widely thought to be a function of generic risk management and technical assurance. However, because of the multifaceted environment it operates in, secure acquisition involves a much more comprehensive set of basic activities than simple software assurance. Mitigation development and deployment of a secure acquisition process involves a range of academic disciplines from governance, to specification and analysis, legal and regulatory compliance to knowledge management and testing. Acquisition assurance is typically established at three levels in the organization: strategic, project infrastructure, and individual product assurance. This course examines all three of these from a top down perspective.