best practices

The Biden Administration, through the Cybersecurity & Infrastructure Security Agency (CISA) has issued a directive which applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency’s behalf. These required actions apply to any federal information system, including an information system used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information.

While standard QA centers around how well a software application meets functional requirements, structural code quality focuses on non-functional items like how well the code that makes up a piece of software adheres to standards, best practices, security, efficiency, and maintainability. For example, are naming conventions used consistently, outdated libraries removed from use, SQL injection points secured, etc.?