CSSLP: Supply Chain and Software Acquisition
Overview/Description
Software lifecycle activities regularly extend beyond the internal environment. Outsourced software development, acquisition, and procurement activities require specific attention to ensure security is integrated into the final software product or service. In this course, you'll learn about supplier risk assessment considerations, including intellectual property, code reuse, and legal compliance complexities. This course also introduces supplier sourcing considerations such as contractual integrity controls, vendor technical integrity controls, and service-level agreements (SLAs). Finally, this course introduces software delivery and maintenance best practices such as publishing and dissemination controls, product deployment and sustainment controls, and supplier transitioning requirements. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Target Audience
Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam

Prerequisites
None

Expected Duration (hours)
1.9

Lesson Objectives

CSSLP: Supply Chain and Software Acquisition

  • start the course
  • recognize characteristics of risk assessment for code reuse
  • identify best practices for creating a practical reuse plan
  • identify best practices for preventing intellectual property theft
  • recognize characteristics of legal compliance
  • identify best practices for supplier prequalification activities
  • distinguish between different security trade-offs in supplier sourcing
  • identify best practices for contractual integrity controls
  • identify best practices for vendor technical integrity controls
  • identify best secure control practices for managed services from a supplier
  • distinguish between the two rules service-level agreements or SLAs should provide
  • identify technical controls for software development and testing
  • identify code testing and verification options for software development and testing
  • list the eight steps to create a formal set of security testing controls
  • identify software requirements verification and validation
  • identify chain of custody best practices
  • distinguish between licenses, encryption, and authentication as publishing and dissemination controls
  • identify characteristics of system-of-systems integration
  • identify software authenticity and integrity best practices during software delivery, operations, and maintenance
  • recognize best practices when integrating product deployment and sustainment controls
  • identify monitoring and incident management best practices
  • identify best practices for vulnerability management, tracking, and resolution activities
  • identify the purpose of Code Escrow during supplier transitioning
  • identify contracts best practices during supplier transitioning
  • identify best practices for assessing supplier risk, implementing supplier sourcing controls, and delivering software

Course Number
sp_slcp_a07_it_enus

Expertise Level
Intermediate