Certification process artifacts defined as measurable units for software assurance

Seok Won Lee, Robin A. Gandhi, Gail Joon Ahn

Research output: Contribution to journalArticlepeer-review

13 Scopus citations


Certification and Accreditation (C&A) process artifacts for software-intensive systems are characterized by the metrics and measures required to be produced from their units of analysis for assessing system behaviour. Software-intensive systems are complex clusters of closely interdependent system of systems that include underlying software, systems, people, processes, and operational environments. Naturally, such systems require carefully designed C&A artifacts that consider metrics and measures from multiple dimensions at different levels of abstraction in the Universe of Discourse (UoD) in order to understand, predict, and control their emergent behaviour. Hence, C&A artifacts defined as measurable units for software assurance should be the result of an aggregated reasoning of evidences from various dimensions, while maintaining traceability and alignment to real world goals/objectives in all stages of the system lifecycle. To address these research objectives, we present a novel integration framework that promotes cohesion and traceability among metrics and measures from multiple dimensions in the problem domain on the basis of the definition of a common language. By applying our framework to automate the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), we also motivate the design principles and modelling techniques necessary to generalize a course of action to conduct C&A processes with appropriate tool support for software-intensive systems.

Original languageEnglish (US)
Pages (from-to)165-189
Number of pages25
JournalSoftware Process Improvement and Practice
Issue number2
StatePublished - Mar 2007
Externally publishedYes


  • Certification and accreditation
  • Metrics and measures
  • Ontological engineering
  • Requirements engineering
  • Risk assessment
  • Software-intensive systems

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'Certification process artifacts defined as measurable units for software assurance'. Together they form a unique fingerprint.

Cite this