Para 5.2 Systems
Systems engineering principles shall influence the
balance between performance, risk, cost,
The systems engineering process shall:...
- Characterize and manage technical risks....
- Apply scientific and engineering principles, using the
system security engineering process, to identify security vulnerabilities and
minimize or contain information assurance and force protection risks associated with these vulnerabilities
(see DoD Manual 5200.1-M)....
The following key systems engineering activities shall
- System Analysis and Control.
and control activities shall provide the basis for evaluating and selecting
alternatives, measuring progress, documenting design decisions, and enabling
and managing block deliveries under an evolutionary acquisition strategy.
They shall include the following:
- The overall risk management effort shall include
technology transition planning and shall establish transition
- The establishment of a risk management process (including planning,
assessment (identification and analysis), handling, and monitoring) to be
integrated and continuously applied throughout the program, including, but not
limited to, the design process. The risk
management effort shall address risk
planning, the identification and analysis of potential sources of risks including but not limited to cost,
performance, and schedule risks based on
the technology being used and its related design, manufacturing capabilities,
potential industry sources, and test and support processes; risk handling strategies, and risk monitoring approaches. The overall risk management effort shall interface with
technology transition planning, including the establishment of transition
criteria for such technologies....
- Performance metrics to measure technical development
and design, actual versus planned; and to measure meeting system requirements in
terms of performance, progress in implementing risk handling plans,
producibility, cost and schedule. Performance metrics shall be traceable to
performance parameters identified by the operational user....
Para 5.2.5 Open Systems
PMs shall use an open systems approach to achieve
the following objectives:...
- To mitigate the risks associated
with technology obsolescence, being locked into proprietary technology, and
reliance on a single source of supply over the life of a system;...
Para 5.2.6 Software
The PM shall manage and engineer software-intensive systems using best
processes and practices known to reduce cost, schedule, and performance
Para 22.214.171.124 General
The PM shall base software systems design and
development on systems engineering principles, to include the following:...
- Select the programming language in context of the
systems and software engineering factors that influence overall life-cycle
costs, risks, and the potential for
- ...However, if the prospective contractor does not
meet full compliance, a risk mitigation
plan and schedule shall be prepared to describe, in detail, actions that will be
taken to remove deficiencies uncovered in the evaluation process. The risk mitigation plan shall require PM
- Assess information operations risks ( DoDD S-3600.1)
using techniques such as independent expert reviews;...
Para 126.96.36.199 Review of Software-Intensive
An independent expert review team shall review programs
and report on technology and development risk, cost, schedule, design, development, project
management processes and the application of systems and software engineering
Para 188.8.131.52 Software Security
The following security considerations apply to
- When employing COTS software, the contracting process
shall give preference during product selection/evaluation to those vendors who
can demonstrate that they took efforts to minimize the security risks associated with foreign nationals that
have developed, modified or remediated the COTS software being
Para 5.2.7 COTS
The use of commercial items often requires changes
in the way systems are conceived, acquired, and sustained, to include:...
- The PM shall develop an appropriate T&E strategy
for commercial items to include evaluating potential commercial items in a
system test bed, when practical; focusing test beds on high-risk items; and testing commercial-item
upgrades for unanticipated side effects in areas such as security, safety,
reliability, and performance....
- Programs are encouraged to use code-scanning tools,
within the scope and limitations of the licensing agreements, to ensure both
COTS and GOTS software do not pose any information assurance or security risks.
Para 184.108.40.206 Environment, Safety, and
Occupational Health (ESOH)
The PM shall prepare a Programmatic ESOH Evaluation (PESHE) document early in
the program life cycle (usually Milestone B). The PESHE shall identify ESOH
risks, contain a strategy for integrating ESOH considerations
into the systems engineering process, delineate ESOH responsibilities, and
provide a method for tracking progress.
Para 220.127.116.11.1 ESOH
To minimize the cost and schedule
risks over the
system's life cycle that changing ESOH requirements and regulations represent,
the PM shall regularly review ESOH regulatory requirements and evaluate their
impact on the program's life-cycle cost, schedule, and performance.
Para 18.104.22.168.3 Safety and
The PM shall identify and evaluate safety and health
hazards, define risk levels, and establish
a program that manages the probability and severity of all hazards associated
with development, use, and disposal of the system. The PM shall use and require
contractors to use the industry and DoD standard practice for system safety,
consistent with mission requirements. This standard practice manages risks encountered in the acquisition life cycle of
systems, subsystems, equipment, and facilities. These risks include conditions that create significant
risks of death, injury, acute/chronic
illness, disability, and/or reduced job performance of personnel who produce,
test, operate, maintain, support, or dispose of the system.
The following policy applies to the acceptance of
- The PM shall formally document each management decision accepting the
risk associated with an identified hazard.
- "High Risk" hazards shall require
CAE approval (lead executive component authority prevails for joint
- The acceptance of all risks involving explosives safety (see 22.214.171.124)
shall require the appropriate risk acceptance authority to consult
with the DoD Component's technical authority managing the explosives safety
- "Serious Risk" hazards shall
require Program Executive Officer approval.
- "Medium Risk" hazards shall
require PM approval.
The PM shall designate the approval authority for "Low
Para 126.96.36.199.5 Pollution
The PM shall identify and evaluate environmental and
occupational health hazards and establish a pollution prevention program. The PM
shall identify the impacts of the system on the environment during its life
(including disposal), the types and amounts of pollution from all sources (air,
water, noise, etc.) that will be released to the environment, actions needed to
prevent or control the impacts, ESOH risks
associated with using the new system, and other information needed to identify
source reduction, alternative technologies, and recycling opportunities.
Para 188.8.131.52 Mission
The PM shall consider survivability and mission
assuredness of systems vulnerable to physical and electronic attack. Security,
survivability, and operational continuity (i.e., protection) shall be
considered as technical performance requirements as they support achievement
of other technical performance aspects such as accuracy, endurance,
sustainability, interoperability, range, etc., as well as mission
effectiveness in general (see 6.7
). The PM shall include the considerations in the risk benefit analysis of system design and
Para 184.108.40.206 Anti-Tamper
The PM shall develop and implement anti-tamper
measures for all programs in accordance with the determination of the MDA
documented in the Program Protection Plan.... Because of its function,
anti-tamper should not be regarded as an option or a system capability that may
later be traded off without a thorough operational and acquisition risk analysis.... The PM shall research
anti-tamper measures and determine which best fit the performance, cost,
schedule, and risk of the program
Para 5.3.1 Work Breakdown Structure
The PM shall normally specify contract WBS elements only
to level three for prime contractors and key subcontractors. Only low-level
elements that address high risk, high
value, or high technical interest areas of a program shall require detailed
reporting below level three.