本标准描述了一组有用的活动、任务和方法，可在软件或软件服务的获取过程中选择和应用。该标准可适用于在任何计算机系统上运行的软件，无论软件的大小、复杂性或重要性如何。软件供应链可能包括商业现货（COTS）、定制或开源软件的集成。软件服务可以包括软件开发和维持、软件集成以及软件验证和确认。安全性是收购过程中考虑的一个质量属性。但是，不包括获取信息保证（安全）服务和云服务的具体要求。

This standard describes a set of useful activities, tasks and methods that can be selected and applied during the acquisition of software or software services. The standard can be applied to software that runs on any computer system regardless of the size, complexity, or criticality of the software. The software supply chain may include integration of commercial-off-the-shelf (COTS), custom, or open source software. Software services can include software development and sustainment, software integration, and software verification and validation. Security is included as a quality attribute considered during the acquisition. However, specific requirements for acquisition of information assurance (security) services and cloud services are not included.