Abstract
Operational environments for today’s information technology solutions are complex and varied. The majority are constructed with systems and systems-of-systems, often including cloud computing and the internet. With the increase of web-centric applications, it is important to understand how systems relate to each other both internally and externally. People’s behavior within an organization must also be considered in the adoption and operation of assurance solutions. While a great deal of work has been done to identify and catalog software assurance solutions, little information is available about what an organization needs in order to successfully adopt and use them in operational settings. The Software Engineering Institute (SEI) at Carnegie Mellon, in tandem with the United States Department of Defense (DOD), has developed a framework that models an organization’s software assurance profile. In their paper, A Framework for Modeling the Software Assurance Ecosystem: Insights from the Software Assurance Landscape Project [1], the team from SEI describes piloting this framework to prove its value and to gain insight into applying the model in an organizational setting. This report presents the Assurance Modeling Framework methodology and the development of the EaseSAF tool, which semi-automates the nine steps of the methodology. EaseSAF is a desktop tool that integrates the specification of assurance modeling requirements using formal methods based on SEI’s Assurance Modeling Framework. It is an effort to develop an application that allows users to input and manage the enormous amount of data and artifacts necessary to support this framework.