Handbook of Information Security Management:Computer Architecture and System Security



Incorporating NAPM into the System Development Life Cycle

To fully integrate the partnership model into a System Integrity Engineering discipline, designers and system architects must understand and embrace the requirements imposed by technology infusion and by the insatiable demand for more interoperable processing capabilities and applications.

Management can no longer afford to “bury its head in the sand” and ignore threats simply because (1) no commercially available hardware or software solution exists; or (2) prohibitive budgetary restraints make it unlikely that the issues will be addressed. The threats will not magically disappear. They must be openly and intelligently addressed. Application design or enhancement may no longer be the sole major driving force in today’s interoperable development environment. Management is becoming more interested in systems that give it a high degree of confidence in the protection of its information, in consistency and continuity of operation, and in efficiency and computational effectiveness.

The basic System Development Life Cycle has changed dramatically. Design and development efforts that once took months, even years, have been replaced by rapid application development and joint analysis development (RAD/JAD) processes, prototyping, reuse engineering, and fourth-generation languages. These have drastically shortened the timing cycle to days and weeks, or in some cases hours and minutes.

To effectively integrate a system of controls into the life cycle, designers and developers will need to consider a modified model that recognizes that in an iterative system development life cycle, security controls and protection mechanisms need to be addressed in an iterative manner as well.

Software Life Cycle as a Control Process

The basic life cycle is still comprised of a series of phases to be executed sequentially or recursively as a continual process. A set of software products to be produced during each phase is identified, including security-related analyses, documentation, and reports. The controls deployed, as well as those planned, during each of the life cycle phases together comprise a unique control architecture for the developing software products.

It is imperative that all relevant products be developed, all reviews held, and all follow-up actions performed within each of the life cycle phases in sequence. To provide adequate management control, it is normally necessary that the developer not be allowed to proceed until the defined phases of development have been approved and performed in their predefined order, and the developer has received authority to proceed. The controls governing the applicability of a life cycle model to development and maintenance projects must be identified, evaluated, and specified with consideration of the deployment criteria for integrity and security-relevant controls.

Each of the following development life cycle approaches provides inherent integrity controls:

  The classical software development method recognizes discrete phases of development and requires that each phase of development be complete, with the presentation of formal reviews and release of formal documentation prior to transitioning to the next phase.
  Spiral development is an iterative approach toward the classical method in which the development life cycle is restarted so that lessons learned can be rolled back into the earlier development phases.
  Rapid application development (RAD) is a method of rapidly fielding experimental and noncritical systems in order to determine user requirements or satisfy immediate needs.
  Joint analysis development (JAD) is a workshop-oriented, CASE-assisted method for application development within a short time frame, using a small team of expert users, expert systems, expert developers, and outside technical experts, together with a project manager, an executive sponsor, a JAD/CASE specialist, and observers.
  Cleanroom is a method for developing high-quality software with certifiable reliability. Cleanroom software development attempts to prevent errors from entering the development process at all phases. The process separates the roles of specifiers, programmers, and testers: a specification is prepared, either formally or semiformally, as notations; programmers prepare software from the specifications; and a separate team prepares tests that duplicate the statistical distribution of operational use. Programmers are not permitted to conduct tests; all testing is done by an independent test team.


Exhibit 11.  Example of a System Life Cycle

Regardless of method, formal reviews and audits need to be performed to provide management and user insight into the developing system. Through the use of the review process, potential problems may be readily identified and addressed. Technical interchange meetings and peer reviews, involving technical personnel only, should be used to promote communication within the development organization and with the user community, enable the rapid identification and clarification of requirements, reduce risk, and promote the development of quality products.





The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course, this version is getting a bit old and may not contain all of the information that the latest version covers; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.