scope:

Purpose of This Order. This Order establishes a Security Software Assurance policy for the Federal Aviation Administration (FAA) to protect the confidentiality, integrity, and availability of FAA information systems. Software Assurance is the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. This policy includes:

a. Establishing a methodology for ensuring software assurance security for software in development, operation, and maintenance phases;

b. Determining if software code designs are securely written, implemented and operating as intended while protecting information systems and their components;

c. Utilizing approved tools purchased for Agency-wide use, to verify and validate the software contained within an information system is compliant with accepted security practices to reduce patch management activities as noted in URL:

https://intranet.faa.gov/faaemployees/org/staffoffices/aio/programs/iss/software_code_vulner_sc an_serv/ ;

d. Assigning accountability to software developers to provide secure quality deliverable products that perform as expected; and,

e. Assigning responsibility for Federal Acquisition Executive (FAE) to add contractual requirements to ensure quality of delivered software products.