Independent Verification and Validation (IV&V)
The Software Engineering Institute (SEI) Capability Maturity Models (CMM) define Validation and Verification as Level 3 Engineering Process Areas. Validation, as defined in “CMMI Guidelines for Process Integration and Product Improvement,” demonstrates that products or product components fulfill their intended purpose when placed in their intended environment. Verification ensures that selected work products meet their specified requirements.
The objective is to minimize your risk and maximize your benefits from implementing new products, systems, and applications.
Lines of Business have significant investments in new applications, systems, processes, architectures, training and procedures. Prior to implementation, concerns are raised: Will the new system work in the agency’s infrastructure? How will it work with other applications? What impact will the new application have on the infrastructure? Will the new application introduce any security vulnerabilities? Do we need additional infrastructure investment? How can we cost-effectively assess these impacts?
DSD can minimize your risk with our DSD Information Assurance Laboratory (DIAL). Because of our experience as a Common Criteria Testing Laboratory (CCTL), DIAL has developed a rigorous, comprehensive test methodology to answer these key questions. DIAL uses a System Development Life Cycle (SDLC) methodology, tailored to each customer’s needs, to address a system or component set. (Attached Exhibit)
Facility
DIAL is a secure 4,100-square-foot facility in Fairmont, WV dedicated to IV&V testing. The facility is well equipped to perform all testing operations and contains four dedicated test areas, each network-capable with a cipher-lock secured entrance. Substantial space is also available for overflow test capability.
Staffing
DIAL is staffed full-time by a multi-disciplined team with expertise in full-spectrum IT infrastructure, from the WAN entry point of the carrier through the application layers of systems and components. DIAL’s staff is cleared and has both civilian and military agency experience.
DIAL IV&V Process
DSD can independently verify and validate applications by testing them in their intended environments. Typically, DIAL would leverage an agency’s current operating environment. Alternatively, DIAL could construct a test environment, install the application, and test it. DIAL would examine resource usage issues (bandwidth, memory, disk space, etc.) as well as integration issues with operating infrastructures. DIAL minimizes risk while maximizing benefits.
SDLC Phase | Typical Tailorable DSD Process Steps | Typical Techniques | DSD Deliverable

Planning (System Request)
Review Technical Feasibility; Assess Economic Feasibility; Examine Organizational Feasibility
Time Estimation; Task Identification; Work Breakdown Structure; PERT Chart; GANTT Chart; Scope Management
Project Staffing; Project Charter
Control and Direct Project | CASE Repository; Determine Standards; Manage & Identify Documentation; Risk Management | Standards List; Risk Assessment

Analysis (System Proposal)
Develop Analysis Strategy | Business Process Automation; Business Process Improvement; Business Process Reengineering
Determine Business Requirements | Interview key Stakeholders; JAD session; Questionnaire; Document Analysis; Observation
Entity Relationship Modeling; Normalization
Develop Continuity of Operation | Interview; Standards; Risk Management; Verify Standard, e.g. PDD-67

Design (System Specification)
Design Selection; Data Flow Diagramming; Entity Relationship Modeling | Physical Process Models; Physical Data Model; System Specification
Architecture Design; Hardware & Software Selection | Architecture Report; Hardware & Software Specifications
Use Scenario Modeling (Design Reference Mission Profile, DRMP); Validate Interface Standards; Review Interface Prototype; Analyze Interface Evaluation
Design Databases and Files | Data Format Selection; Denormalization; Performance Tuning; Size Estimation
Transform Analysis; Program Structure Chart; Program Specification

Implementation (Installed System)
Programming; Software Testing; Performance Testing | Test Plan; Programs; Documentation
Deployment Strategy Session
Conversion Style Selection; Training | Conversion Plan; Training Plan
Support Selection; System Maintenance; Project Assessment | Support Plan; Problem Report; Change Request
Post-implementation Audit | Post-implementation Audit Report