Acquisition Security Framework (ASF): Informing Software Bill of Materials (SBOM) Use Cases and Risk Reduction

Abstract

Challenge: Integrated Security and Supplier Risk Management across the Organization

Security and supplier risk management are typically outside of program risk management. Information is scattered across many documents such as the Program Protection Plan (PPP), Cybersecurity Plan, System Development Plan, Supply Chain Risk Management Plan, etc. Many activities across the organization are critical to managing cyber risks and must be addressed collaboratively across the lifecycle and supply chain and integrated with program risk management.

Document Details

Document Type
Technical Report
Publication Date
Feb 22, 2023
Accession Number
AD1199684

Entities

People

  • Carol C. Woody
  • Charles Wallen
  • Christopher J. Alberts
  • Mike Bandor

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Acquisition
  • Artifacts
  • Business Administration
  • Cybersecurity
  • Department Of Defense
  • Engineering
  • Failure Mode And Effect Analysis
  • Governments
  • Infrastructure
  • Lessons Learned
  • Materials
  • Program Management
  • Risk
  • Risk Management
  • Risk Reduction
  • Software Development
  • Supply Chain
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Software Engineering

Technology Areas

  • Cyber