Date of Original Version



Technical Report

Abstract or Description

Developed by the Software Engineering Institute (SEI) at Carnegie Mellon University, Software Quality Requirements Engineering for Acquisition (A-SQUARE) is a methodology used for eliciting and prioritizing security requirements as part of the acquisition process. In the project described in this paper, we evaluated the effectiveness of the A-SQUARE method by applying it to a COTS product for the advanced metering infrastructure of a smart grid. We evaluated the ability of the A-SQUARE method to identify security requirements for the COTS product; identify candidate COTS products; elicit, categorize, and prioritize security requirements; prioritize COTS products; and select a COTS product. We also evaluated the usability of the A-SQUARE tool using qualitative evaluation criteria.