Update on Quality Standards and
Debt specification approved, U.S. gov't agency reference, new Texas state law for
On June 5 at the OMG® Technical Meeting in Brussels, Belgium, the OMG Architecture Board approved moving to finalization of the automated Technical Debt measure developed by CISQ. CISQ hosted a Cyber Resilience Summit in Brussels to brief CIOs and IT policy makers from NATO, the EU, and European national governments. Formal adoption should follow at the next Technical Meeting, September 25-29 in New Orleans, LA.
Heading to New Orleans in late September? Register for the OMG Cybersecurity Workshop on Thursday, September 28 from 8:30am - 4:30pm. CISQ presents Technical Debt Findings and a Standard. Other presentation topics include securing the Industrial Internet of Things (IIoT), model-based cybersecurity assessment, security views in the UAF (Unified Architecture Framework), and more.
This fall CISQ will begin extending the Automated Quality Characteristic Measures for Security, Reliability, Performance Efficiency and Maintainability to cover weaknesses unique to embedded and real-time systems. A number of organizations that are starting to certify software components of devices and IoT have expressed interest in having a common standard for embedded software. We will be working with such certification organizations (TUV, UL, AFNOR, AENOR) in the coming months.
CISQ has just been referenced by the U.S. General Services Administration (GSA), which formally cites CISQ requirements in an Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA's document, Schedule 70 Blank Purchase Agreement for IT and Development Services: "PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for IT Software Quality (CISQ) for guidance on how to measure, evaluate and improve software."
Herb Krasner, a member of the CISQ Advisory Board, led development of new legislation in Texas requiring the measurement and reporting of IT project performance across state IT projects. The goal is to get a better handle on oversight, quality, and cost of large IT projects to avoid some of the expensive failures of the recent past. Directives in the new law, HB 3275, go into effect on January 1st. Herb Krasner has written a position paper for state CIOs and IT leaders where CISQ is referenced.
Dr. Bill Curtis
Cyber Resilience Summit
and Securing Government IT
October 19, 2017 Arlington, VA
RSVP today: http://it-cisq.org/cyber-resilience-summit-oct-2017/
With passage of the Technology Modernization Act and Trump's Executive Order for Cyber Security seeking to modernize and secure legacy systems that right now are the #1 cyber threat, forward-leaning public officials, standards bodies, and IT Communities of Interest are converging for the 4th annual Cyber Resilience Summit on October 19 in Arlington, VA. With growing threats from a tech-savvy adversary, Federal agencies need to embrace advanced risk management and modernization practices proven effective in the global IT market.
The program covers risk-managed digital transformation and the practical application of systems engineering to support agile acquisition, cloud readiness, big data, technical debt control, and cyber risk management of complex mission, C2, weapon and citizen-facing systems.
Outsourcing Can Mitigate Cyberrisks in
Guest blog from Dr. Erik Beulen et al., Boston Consulting Group
DevOps agility requires organizational adjustments and additional tooling to ensure cybersecurity. At the same time, the challenges of the cybersecurity labor market drive the need to increase tooling’s impact and to consider outsourcing. In turn, these require carefully focusing on cybersecurity governance, including the assignment of accountability and responsibility...
this article on CISQ's blog
and Supply Chain Assurance (SSCA) Meeting, Aug
29-30, MITRE, McLean, VA
21-24, San Diego, CA. Save $300 with the
Gartner Sourcing & Strategic
Vendor Relationships Summit, Sept 13-15,
Nashville, TN. Save $300 with the code
Forrester Privacy &
14-15, Washington, DC
USA, Sept 19-22, Orlando,
Meeting, Sept 25-29, New
STARWEST - Software Testing
Conference, Oct 1-6, Anaheim, CA
Thank You CISQ