What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.
A.
Develop software requirements.
B.
Implement change control procedures.
C.
Develop evaluation criteria and evaluation plan.
There is A Reference Guide for Security-Enhanced Software Acquisition and Outsourcing called "Software Assurance in Acquisition: Mitigating Risks to the Enterprise" by Information Resources Management College of National Defense University
https://apps.dtic.mil/sti/pdfs/ADA495389.pdf
It defines the folloiwng phases:
- planning
- contracting
- monitoring and acceptance
- follow-on
The planning phase (quote) "begins with (1) needs determination for acquiring software services or products, identifying potential alternative software approaches, and identifying risks associated with those alternatives. This set of activities is followed by (2) developing software requirements to be included in work statements; (3) creating an acquisition strategy and/or plan that includes identifying risks associated with various software acquisition strategies; and (4) developing evaluation criteria and an evaluation plan. SwA considerations are discussed for each of the major activities. In the last part of this section (2.5), the development and use of SwA due diligence questionnaires are discussed.
Implementing change control procedures typically occurs during the monitoring & acceptance phase when overlooking potential issues after deployment consequently creating deviations from intended outcomes or previous stages' goals within this life cycle model used as a reference guide by Information Resources Management College (IRMC) at National Defense University (NDU). Therefore it is not included in the planning phase's set of activities described above since it does not directly deal with designing new SwA measures but enforcing those previously established earlier while ensuring that their implementation matches original plans accordingly throughout runtime modifications performed when needed forming part of production maintenance.
Implementing change (or configuration) control procedures is a part of Monitoring and Acceptance Phase, not of a Planning Phase.
Therefore, the correct answer is ACD.
In the Planning Phase, there are several activities undertaken to ensure that Software Assurance in Acquisition is thoroughly considered before moving on to subsequent phases of development.
Developing comprehensive software requirements helps identify which factors must be present in acquired or outsourced products or services for them to meet all functional and security-based specifications appropriately.
Creating an evaluation plan and associated criteria allows project stakeholders to decide what aspects will be covered when examining potential vendors' proposals, work products, or services offered during the contracting phase adequately.
Finally, outlining a clear acquisition strategy enables procuring organizations (including government institutions) to stay aware of relevant mandates/regulations potentially impeding progress related to acquiring security-enhanced software development activities while developing a thorough course of action for mitigating any issues encountered during this stage effectively.
This set of activities is followed
by (2) developing software requirements to be included in work statements; (3) creating an acquisition
strategy and/or plan that includes identifying risks associated with various software acquisition
strategies; and (4) developing evaluation criteria and an evaluation plan. SwA considerations are
discussed for each of the major activities.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
74gjd_37
5 months, 3 weeks ago74gjd_37
5 months, 3 weeks ago74gjd_37
5 months, 3 weeks ago74gjd_37
5 months, 3 weeks ago4e3rv21rq3vq2q
1 year, 8 months ago