Government requirements for security certification and accreditation (C&A) of systems follow a sequential approach compatible with projects using the waterfall software development lifecycle (SDLC). The purpose of this study is to explore ideas that will allow incorporation of C&A into the agile SDLC process. With the emergence of agile SDLC, incorporating the government C&A process becomes a challenge in areas such as minimizing risk, requirements volatility, documentation, stakeholder involvement, and meeting aggressive schedules. Focus groups were used in this qualitative study to answer the research question: What factors assist in successful incorporation of C&A into the agile SDLC process? Twenty-eight success factors emerged in the areas of: customer support, management support, team training, requirements mapping, security engineering, customer-contractor communication, documentation, testing, and transitioning to agile SDLC from waterfall SDLC.