Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document
Abstract
The Systems Security Engineering Capability Maturity Model (SSE-CMM) describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. The SSE-CMM does not prescribe a particular process or sequence, but captures practices generally observed in industry. The model is a standard metric for security engineering practices covering: (1) The entire life cycle, including development, operation, maintenance, and decommissioning activities: (2) The whole organization, including management, organizational, and engineering activities: (3) Concurrent interactions with other disciplines, such as system, software, hardware, human factors, and test engineering; system management, operation, and maintenance: (4) Interactions with other organizations, including acquisition, system management, certification, accreditation, and evaluation The SSE-CMM Model Description provides an overall description of the principles and architecture upon which the SSE-CMM is based, an executive overview of the model, suggestions for appropriate use of the model, the practices included in the model, and a description of the attributes of the model. It also includes the requirements used to develop the model. The SSE-CMM Appraisal Method describes the process and tools for evaluating an organization's security engineering capability against the SSE-CMM.
Document Details
- Document Type
- Technical Report
- Publication Date
- Apr 01, 1999
- Accession Number
- ADA393329
Entities
Organizations
- Booz Allen Hamilton