This recommended practice describes a set of useful quality considerations that can be selected and applied during one or more steps in a software acquisition process. The recommended practices can be applied to software that runs on any computer system regardless of the size, complexity, or criticality of the software. The software supply chain may include integration of commercial-off-the-shelf (COTS), custom, or free and open source software (FOSS). Each organization or individual using this recommended practice will need to identify the specific quality and activities that need to be included within the organization’s acquisition process. Security will be included as a quality attribute considered during the acquisition.