Contracting Officer's Representative (COR) Interactive SharePoint Wiki




Transcription:

Contracting Officer's Representative (COR) Interactive SharePoint Wiki
James Smith, Andy Boyd
Software Solutions Conference 2015
November 16-18, 2015

Copyright 2015 Carnegie Mellon University

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution except as restricted below. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

DM-0002777

Background - 1

Today, when a Contracting Officer's Representative (COR) needs guidance on contracting for software solutions, there is no single reference:
- Many documents
- Contradictory guidance
- Not necessarily relevant to his/her agency

Desire to have a single reference that can help guide CORs to an understanding of how software-intensive solutions:
- What is different about software-intensive solutions?
- How do these differences impact
  - Contract planning
  - Contract formation
  - Contract management
  - Contract closeout

Background - 2

Result was the Contracting Officer's Representative (COR) Desk Guide
- Interactive aid for contract formation and award for software-intensive system acquisition
- Initial focus on Phase B contract award
- Contains general references and guidance
- Explicitly designed to be easily extensible and tailorable to different acquisition contexts, offices, and agencies
- Initially developed in SharePoint 2010; updated to SharePoint 2013
- Updated to incorporate 2015 version of DoD 5000.02

Approach

Collect existing references, guidance, best practices into a single knowledge base that can be accessed in multiple ways:
- Workflow perspective
- Topical perspective
- Interactive and hardcopy format

Not simply a compilation of stuff, but a curated collection of the best available guidance drawn from multiple sources, including:
- Applicable statutory, regulatory, and agency guidance (i.e., FAR, DFARS, DoD Instructions, etc.)
- Deep knowledge and experience within SEI and other FFRDCs (e.g., SEI technical reports, Aerospace TORs)
- Other Agency and Service guidance (e.g., USAF Weapon Systems Software Management Guidebook)
- Applicable practices in existing acquisition and development models (e.g., CMMI-ACQ)

Single Knowledge Base

General and agency-specific guidance:

High-Level Structure

The Desk Guide is organized around the acquisition life cycle, from Pre-Milestone A through Phase C
- Milestone entry criteria
- Phase software activities
- Phase exit criteria

Within each phase, software-related COR guidance provided, including representative RFP language and proposal evaluation criteria

Knowledge base organized into general guidelines/references, agency-specific guidance, and specific topics (e.g., Software Requirements Specification - SRS)

Workflow Perspective - 1

I need to

Workflow Perspective - 2

Workflow Perspective - 3

The data rights workflow provides an instance of a decision tree used in conjunction with the general and agency-specific guidance to lead a COR through a simple Yes/No path to determine the appropriate Government licensing and data rights

Topical Perspective - 1

I want to learn about

Topical Perspective - 2

Both Interactive and Hardcopy Formats

External Collaboration Environment

COR Desk Guide Wiki mirrored on SEI's External Collaboration Environment SharePoint server

https://workspace.sei.cmu.edu/sites/deskreferencewiki/sitepages/home.aspx