Software Engineering Institute

This paper was produced by the Software Engineering Institute at Carnegie Mellon University in support of the Agile acquisition research agenda funded by the Office of the Secretary of Defense. This paper is part of a larger research study focused on understanding the implications of applying a rapid, incremental development approach, such as Agile, on the Department of Defense (DoD) acquisition process. An overarching goal of this research agenda is to identify areas of tension between Agile and existing processes and provide recommendations for improvement to those processes. In support of the overarching research agenda, several "point" papers are being developed on particular topic areas. The topic of this particular paper is the natural tension between rapid fielding and response to change (characterized as agility) and DoD information assurance policy. The authors gathered information for the paper primarily by conducting interviews with several DoD project managers and information assurance representatives. The interview findings are organized into a list of key challenges and recommendations. The paper also includes a five- to ten-year future outlook with respect to information assurance and agility in DoD. The opinions, findings, conclusions, and recommendations expressed in this Technical Note are those of the authors and do not necessarily reflect the views of the United States Department of Defense.