BS ISO/IEC 21827:2008
Current
The latest, up-to-date edition.
Information technology. Security techniques. Systems security engineering. Capability maturity model (SSE-CMM)
Hardcopy, PDF
English
28-02-2009
Foreword
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Background
4.1 Reason for Development
4.2 The Importance of Security Engineering
4.3 Consensus
5 Structure of the Document
6 Model Architecture
6.1 Security Engineering
6.2 Security Engineering Process Overview
6.3 SSE-CMM Architecture Description
6.4 Summary Chart
7 Security Base Practices
7.1 PA01 - Administer Security Controls
7.2 PA02 - Assess Impact
7.3 PA03 - Assess Security Risk
7.4 PA04 - Assess Threat
7.5 PA05 - Assess Vulnerability
7.6 PA06 - Build Assurance Argument
7.7 PA07 - Coordinate Security
7.8 PA08 - Monitor Security Posture
7.9 PA09 - Provide Security Input
7.10 PA10 - Specify Security Needs
7.11 PA11 - Verify and Validate Security
Annex A (normative) - Generic Practices
Annex B (normative) - Project and Organizational Base Practices
B.1 General
B.2 General Security Considerations
B.3 PA12 - Ensure Quality
B.4 PA13 - Manage Configurations
B.5 PA14 - Manage Project Risks
B.6 PA15 - Monitor and Control Technical Effort
B.7 PA16 - Plan Technical Effort
B.8 PA17 - Define Organization's Systems Engineering Process
B.9 PA18 - Improve Organization's Systems Engineering Processes
B.10 PA19 - Manage Product Line Evolution
B.11 PA20 - Manage Systems Engineering Support Environment
B.12 PA21 - Provide Ongoing Skills and Knowledge
B.13 PA22 - Coordinate with Suppliers
Annex C (informative) - Capability Maturity Model Concepts
C.1 General
C.2 Process Improvement
C.3 Expected Results
C.4 Common Misunderstandings
C.5 Key Concepts
Annex D (informative) - Generic Practices
D.1 General
D.2 Capability Level 1 - Performed Informally
D.3 Capability Level 2 - Planned and Tracked
D.4 Capability Level 3 - Well Defined
D.5 Capability Level 4 - Quantitatively Controlled
D.6 Capability Level 5 - Continuously Improving
Bibliography