The U.S. State Department Office of Acquisitions referenced code quality requirements in the Consular Systems Modernization (CSM) statement of work.
From the State Dept. CSM acquisition document on page 23, section C.4.2:
“The contractor shall adhere to CST application coding standards intended to assist in creating code that is free of critical quality defects and is highly maintainable.”
CST = Consular Systems and Technology
“CST will employ a Software Code Review process by which it will analyze all source code by measuring application level code quality and code assurance across the portfolio of COTS configurations and custom developed software. CST will also employ Software Code Quality (SCQ), an analysis that will evaluate application risk around robustness (stability, resiliency), performance, architectural security, transferability, system maintainability (sustainment) and changeability of applications as they evolve. These measurements are based upon industry best practices and standards related to complexity, programming practices, architecture, database access and documentation. They are derived from standards bodies such as the International Organization for Standardization (ISO), Software Engineering Institute (SEI), Object Management Group (OMG) and the National Institute of Standards and Technology among others.”
The Consortium for IT Software Quality (CISQ) was founded by the Object Management Group, a technology standards organization, and the Software Engineering Institute (SEI) at Carnegie Mellon University, a Federally Funded Research and Development Center, to develop standards for automating the measurement of software. CISQ has delivered code quality standards that are now “acquisition-ready” for managing the security, reliability, performance efficiency, and maintainability of software.