SQUARE for Acquisition (A-SQUARE)

SQUARE for Acquisition, also known as A-SQUARE, is a prototype tool that was developed by a team of Carnegie Mellon Master of Science in Information Technology students with oversight by CERT researchers. The tool, designed for use by stakeholders, requirements engineers, and contractors/vendors, aids in acquisition by providing documentation support for three cases, described below.

Case 1

  • recording definitions and searching and adding new terms
  • identifying the project business goals, assets, and security goals
  • identifying preliminary security requirements
  • reviewing and approving security requirements

Case 2

  • recording definitions and searching and adding new terms
  • identifying the project business goals, assets, and security goals
  • adding or editing links to project artifacts
  • performing risk assessment and identifying threats
  • comparing elicitation techniques
  • linking the elicited requirements to goals, risks, and artifacts
  • classifying requirements based on predefined categories
  • prioritizing security requirements
  • inspecting requirements, viewing traceability to risks and artifacts, and exporting requirements to tools such as Requisite Pro

Case 3

  • recording definitions and searching and adding new terms
  • identifying the project business goals, assets, and security goals
  • identifying preliminary security requirements
  • reviewing COTS software package information and specifications
  • finalizing security requirements
  • performing tradeoff analysis
  • making the final COTS product selection

A-SQUARE is available for free, though registration is required to download it. Consult the developer or user installation folders for installation instructions.

Download