Here is a link to the U.S. State Department, Office of Acquisitions, Consular Systems Modernization (CSM) project.
As background, CISQ was co-founded by the Object Management Group (www.omg.org), a technology standards organization, and the Software Engineering Institute (SEI) at Carnegie Mellon University (sei.cmu.edu), a Federally Funded Research and Development Center (FFRDC), to develop standards for automating the measurement of software size and structural quality. CISQ has introduced standards that are now “acquisition-ready” for managing system “-ilities” – security, reliability, performance efficiency, and maintainability – from system source code. In October 2017, CISQ also introduced a new OMG standard for measuring technical debt, which is a useful metric in the IT modernization and security discussion.
From the State Dept CSM acquisition doc on page 23, section C.4.2:
“The contractor shall adhere to CST application coding standards intended to assist in creating code that is free of critical quality defects and is highly maintainable.”
CST = Consular Systems and Technology
“CST will employ a Software Code Review process by which it will analyze all source code by measuring application level code quality and code assurance across the portfolio of COTS configurations and custom developed software. CST will also employ Software Code Quality (SCQ), an analysis that will evaluate application risk around robustness (stability, resiliency), performance, architectural security, transferability, system maintainability (sustainment) and changeability of applications as they evolve. These measurements are based upon industry best practices and standards related to complexity, programming practices, architecture, database access and documentation. They are derived from standards bodies such as the International Organization for Standardization (ISO), Software Engineering Institute (SEI), Object Management Group (OMG) and the National Institute of Standards and Technology among others.”