A prototype tool to support A-SQUARE has been developed by a team of Carnegie Mellon Master of Science in Information Technology students with oversight by CERT researchers. The tool, designed for use by stakeholders, requirements engineers, and contractors/vendors, aids in acquisition by providing documentation support for

Case 1:

• recording definitions and searching and adding new terms
• identifying the project business goals, assets, and security goals
• identifying preliminary security requirements
• security requirement review and approval

Case 2:

• recording definitions and searching and adding new terms
• identifying the project business goals, assets, and security goals
• adding or editing links to project artifacts
• performing risk assessment and identifying threats
• comparing elicitation techniques
• linking the elicited requirements to goals, risks, and artifacts
• classifying requirements based on predefined categories
• prioritizing security requirements
• inspecting requirements, viewing traceability to risks and artifacts, and exporting requirements to tools such as Requisite Pro

Case 3:

• recording definitions and searching and adding new terms
• identifying the project business goals, assets, and security goals
• identifying preliminary security requirements
• reviewing COTS software package information and specifications
• finalizing security requirements
• performing tradeoff analysis
• making the final COTS product selection

The tool is available for free, though registration is required to download it. Download the .zip file then consult the ASQUARE v1.0 Installation and User's Guide in the main .zip folder for instructions.