By Douglas C. Schmidt,
Chief Technology Officer
As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in Agile methods, insider threat,the SMART Grid Maturity Model, acquisition, and CMMI. This post includes a listing of each report, author/s, and links where the published reports can be accessed on the SEI website.
Agile Methods: Selected DoD Management and Acquisition Concerns
By Mary Ann Lapham; Suzanne Miller; Lorraine Adams; Nanette Brown; Bart Hackemack; Charles (Bud) Hammons; Linda Levine; & Alfred Schenker
This technical note addresses some of the key issues that either must be understood to ease the adoption of Agile or are seen as potential barriers to adoption of Agile in the DoD acquisition context.
Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination
By Michael Hanley & Joji Montelibano
This technical note presents an insider threat pattern on how organizations can combat insider theft of intellectual property. The technical note describes how to use the centralized log storage and indexing engine Splunk to detect malicious insider behavior on a network.
An Acquisition Perspective on Product Evaluation
By Grady Campbell, Harry Levinson, & Richard Librizzi
This technical note focuses on software acquisition and development practices related to the evaluation of products before, during, and after implementation. From engagements with numerous DoD acquisition programs, it has been observed that several recurring issues reduce the effectiveness of how software-reliant products are evaluated. An acquisition effort consists of identifying the customer's needs, selecting or developing a product that is responsive to those needs, and then evaluating the product to determine if it properly addresses the identified needs. This technical note describes the product evaluation (verification, validation, and certification) process including test, reviews, and formal methods. It also makes the argument that product evaluation should not be deferred until after a product has been built, but should begin as soon as the customer's needs have been identified and should continue throughout the acquisition effort.
Smart Grid Maturity Model, Version 1.2: Model Definition
By Smart Grid Maturity Model Team
The Smart Grid Maturity Model (SGMM) is a business tool stewarded by the SEI at Carnegie Mellon University. It was originally developed by electric power utilities for use by electric power utilities. The model provides a framework for understanding the current extent of smart grid deployment and capability within an electric utility, a context for establishing strategic objectives and implementation plans in support of grid modernization, and a means to evaluate progress over time toward those objectives. The SGMM is composed of eight domains and six maturity levels as detailed in this document, which contains the full definition and description of the model. Introductory material to aid in understanding the purpose and use of the SGMM is also provided. The primary audiences for the SGMM, and for this document, are electric power utilities that are seeking guidance related to the modernization of their operations and practices for delivering electricity. The audience also includes any related stakeholders for such utilities. Currently, the model is better suited for utilities with transmission and distribution operations than for pure generation utilities.
Understanding and Leveraging a Supplier’s CMMI Efforts: A Guidebook for Acquirers (Revised for V1.3)
By Lawrence T. Osiecki, Mike Phillips, & John Scibilia
This guidebook helps acquisition organizations formulate questions for their suppliers related to CMMI. It also helps organizations interpret responses to identify and evaluate risks for a given supplier.
For the latest SEI technical reports and papers, please visit