Supporting the Use of CERT (registered trademark) Secure Coding Standards in DoD Acquisitions

Abstract

The United States Department of Defense (DoD) increasingly depends on networked software systems. One result of this dependency is an increase in attacks on both military and non-military systems as attackers look to exploit software vulnerabilities. Program acquisition offices are emphasizing information assurance to address various threats. The Defense Information Systems Agency (DISA) created the Application Security and Development Security Technical Implementation Guide (STIG) in response to DoD Directive 8500.IE, which establishes policies and assigns responsibilities for achieving DoD information assurance. That STIG provides guidance for information assurance and security throughout a program s lifecycle, and it is specified as a requirement for DoD-developed, -architected, and -administered applications and systems that are connected to DoD networks.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jul 01, 2012
Accession Number
ADA611351

Entities

People

  • John Bergey
  • Philip Miller
  • Robert Seacord
  • Tim Morrow

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems
  • Weapons Technologies

DTIC Thesaurus Topics

  • Acquisition
  • C Programming Language
  • Computer Access Control
  • Computer Programming
  • Computer Programs
  • Computers
  • Information Assurance
  • Information Systems
  • Language
  • Programming Languages
  • Risk Analysis
  • Security
  • Software Development
  • Software Testing
  • Test And Evaluation
  • Vulnerability
  • Web Service

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Defense Financial Management and Audit.
  • Defense Technology Research and Development.