« More Announcements
August 1, 2011—The following technical reports, special reports, and technical notes were published recently by the Software Engineering Institute. For the latest SEI technical reports and papers, see http://www.sei.cmu.edu/library/reportspapers.cfm.
Measures for Managing Operational Resilience
Julia H. Allen & Pamela D. Curtis
In this report, Resilient Enterprise Management (REM) team members suggest a set of top 10 strategic measures for managing operational resilience. These measures derive from high-level objectives of the operational resilience management system defined in the CERT Resilience Management Model, Version 1.1 (CERT-RMM). The report also provides measures for each of the 26 process areas of CERT-RMM, as well as a set of global measures that apply to all process areas. This report thus serves as an addendum to CERT-RMM Version 1.1.
Standards-Based Automated Remediation: A Remediation Manager Reference Implementation
Sagar Chaki, Rita Creel, Jeff Davenport, Mike Kinney, Benjamin McCormick, & Mary Popeck
This report describes the SEI's 2010 work for the National Security Agency Computer Network Defense Research and Technology Program Management Office to develop standards for remediation of vulnerabilities and compliance issues on Department of Defense (DoD) networked systems. The overall goals are to assist in the development of remediation standards, demonstrate the functionality that the DoD would like in a remediation manager, and increase efficiency and effectiveness of remediation by automating the remediation process.
A Decision Framework for Selecting Licensing Rights for Noncommercial Computer Software in the DoD Environment
A major acquisition challenge for a program where computer software is a critical element of the system is the upfront determination of an appropriate licensing rights strategy. This report describes standard noncommercial software licensing alternatives as defined by U.S. government and Department of Defense (DoD) regulations. It also suggests an approach for objectively identifying agency needs for license rights and the appropriate license type for systems with noncommercial computer software or as standalone software in the DoD environment. There are three standard license types for noncommercial computer software: Unlimited, Government Purpose, and Restricted. Each of these license types for noncommercial computer software conveys different rights to the agency. This report presents distinguishing characteristics of the three standard license types, a method to develop the supporting rationale or traceability for DoD agency needs, a high-level description of circumstances that fall outside of standard license types, and a discussion of the importance of deliverables as necessary components for implementing license rights.