There is a tension between the need to release capabilities rapidly and
the length of time needed to acquire capabilities, which includes the
time needed to complete accreditation processes. To accomplish both
requires an increased attention to operational requirements, effective
use of architecture, ability to release smaller software components, and
a major shift from monolithic, after-the-fact information assurance to
mission assurance.
This presentation describes an approach and
provides examples showing how software security assurance can be
achieved while keeping the desired pace of releasing new capabilities.
It concludes with a challenge to the audience to adopt and adapt the
approach so mission assured software capabilities are released at the
pace needed by the warfighter rather than a pace dictated by
accreditation processes.