Systematic Mapping Study of Systems Security Engineering for Modular Open Systems

Modular Open Systems Approach (MOSA), a recent initiative to increase competition in the defense market, has become a directive to new acquisition programs. It's a United States (U.S.) Department of Defense (DoD) initiative for designing composable systems with open standards that can be acquired from independent vendors, while allowing an adaptive response to evolving threats. Implementation of MOSA was signed into law in the National Defense Authorization Act for Fiscal Year 2021 (NDAA FY21), requiring regulations to facilitate DoD's access to and utilization of modular system interfaces and implementation of openness across major acquisition programs. MOSA's objectives include interoperability, technology refresh, increased competition, innovation and cost savings. Determining an effective strategy to realize this intent is of paramount importance to industry. Current MOSA research focuses on developing guidelines for incorporating modularity and open standards into DoD acquisition. Given the concurrent priority regarding system security and cyber-resilience, there is a gap in open literature regarding architectural and design guidelines focused on security and cyber-resilience requirements for MOSA. This systematic mapping resulted in the selection of 33 relevant research papers. A hybrid approach of inductive and deductive qualitative coding was used as a method of rigor in extracting answers to the research questions.