Towards Rapid Recertification Using Formal Analysis

Report Number: SYM-AM-15-104

Series: Acquisition Management

Category: Weapons Systems Procurement

Report Series: Symposium Proceedings

Authors: Daniel Smullen, Travis Breaux

Title: Towards Rapid Recertification Using Formal Analysis

Published: 2015-04-01

Sponsored By: Acquisition Research Program

Status: Published--Unlimited Distribution

Research Type: Other Research Faculty

Full Text URL: http://acquisitionresearch.net/files/FY2015/SYM-AM-15-104.pdf

Keywords: Proceedings, Thursday Sessions, Vol. 2, Symposium

Abstract:

Department of Defense (DoD) acquisition requires IT to undergo the DoD information assurance certification and accreditation process (DIACAP), which makes architecturedependent assumptions. Emerging IT architectures, such as mobile and cloud-based platforms, invalidate these assumptions and prevent the DoD from acquiring commercial technologies that are readily available to adversaries. To address this problem, we extended our initial automation framework, wherein an application profile is expressed in a formal language and scaled with evolving architectural assumptions. These profiles will help ensure that information assurance requirements are commensurate with risk and scalable based on an application