Picture of Kevin Doyle

Kevin M. Doyle


Primary tabs

CGI Director Paul Rainey also contributed to this blog.

Nobody debates what a kilometer is. It’s a standard unit of measurement with defined parameters. It wasn’t always this way, though. In the past, units of measure often were approximated and based on such things as the breadth of one’s hand, which can vary significantly from one person to the next.

Standardized measurements led to much greater consistency and shared understanding of distance, weight, volume, etc. In the same way, technology standards ensure that systems can interoperate, that data can be shared accurately, and that products can meet safety and reliability requirements.

It’s in that light that I share with some pride that CGI has contributed to the development of four proposed standards for embedded and real-time systems that are under consideration by the Consortium for IT Software Quality (CISQ), of which CGI is a sponsor. If adopted, the new standards will be voluntary for industry, but we have every reason to think they will become widely used.

Read the full text of the standards at the Object Management Group (OMG)’s website, and learn more about the CISQ embedded extensions working group.

Embedded systems are specialized information technology systems that provide the brains of devices such as sensors and smart weapons systems. Outside of the government, embedded systems can be found in everyday objects such as programmable thermostats, coffeemakers, every automobile produced in the past 20 years and so on. Today, many or most of these devices are network-capable and part of the Internet of Things (IoT).

Embedded systems are essential, helping to control devices as common as he printer on your desk or as sophisticated as the most advanced fighter jet. They are everywhere and more functionality that used to be non-embedded is being loaded onto chips. With the evolution of IoT, this trend continues to grow.

As such, it’s crucial that embedded systems be secure, reliable and scalable—capabilities these new standards address. Since no other standards in use really address these matters, CISQ—with its emphasis on code quality—is trying to fill that gap.

Essentially, we’re trying to develop an analog to a nutrition label. Just as the label on box of cereal will define the serving size and tell you the number of calories, grams of carbohydrate, fat, protein and vitamins per serving, so too would a CISQ-Certified label on a software product tell you that it meets the 10 specific standards for embedded systems and also the remaining 110 to 140 rules that will be part of the final set of software standards.

Eventually, we envision companies like CGI becoming authorized to evaluate software for adherence to the rules, just as the General Services Administration (GSA) has a network of third-party assessment organizations that ensure cloud systems meet the standards set forth in the Federal Risk and Authorization Management Program (FedRAMP) for security.

CGI Federal and its Emerging Technologies Practice are dedicated to furthering innovation within the federal government. Our new federal-focused Innovation Center in Arlington, Va. is one example of our work. Read: CGI Launches New Innovation Center to Help Federal Agencies Explore Creative Approaches to Mission Success

About this author

Picture of Kevin Doyle

Kevin M. Doyle


Kevin M. Doyle is a security engineer whose primary work includes integrating security into web applications, cloud, source code, and more. He performs ethical hacking techniques to contribute to the security oversight of government and commercial web applications, and carries out static code reviews to ...