Setting boundaries

On Oct. 30, 2002, Defense Department officials issued the Interim Defense Acquisition Guidebook, which contained the following security rules for when foreign nationals participate in software development:

Vendors must indicate whether foreign nationals participated in any way in software development, modification or remediation.

Foreign nationals employed by contractors or subcontractors to develop or modify software code for DOD must have security clearances equal to the level of the program in which the software is being used.

Primary vendors on DOD contracts may have subcontractors that employ cleared foreign nationals who work only in a certified or accredited environment.

DOD software with coding done in foreign environments or by foreign nationals must be reviewed by software quality assurance employees for malicious code.

Vendors that demonstrate efforts to minimize the security risks associated with foreign nationals will be given preference during the contracting process in product selection or evaluation.

Software quality assurance employees must check software sent to locations not directly controlled by DOD or its contractors for malicious code when it is returned to the DOD contractors' facilities.

This guidance acknowledges the additional risks associated with using foreign nationals in software development, but the procedures listed are not mandatory and, according to the guidebook, are to be used at the discretion of acquisition program managers.

Featured

  • Elections
    voting security

    'Unprecedented' challenges to safe, secure 2020 vote

    Our election infrastructure is bending under the stress of multiple crises. Administrators say they are doing all they can to ensure it doesn't break.

  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.