Accession Number:

ADA393329

Title:

Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document

Descriptive Note:

Corporate Author:

BOOZ-ALLEN AND HAMILTON INC MCLEAN VA

Personal Author(s):

Report Date:

1999-04-01

Pagination or Media Count:

318.0

Abstract:

The Systems Security Engineering Capability Maturity Model SSE-CMM describes the essential characteristics of an organizations security engineering process that must exist to ensure good security engineering. The SSE-CMM does not prescribe a particular process or sequence, but captures practices generally observed in industry. The model is a standard metric for security engineering practices covering 1 The entire life cycle, including development, operation, maintenance, and decommissioning activities 2 The whole organization, including management, organizational, and engineering activities 3 Concurrent interactions with other disciplines, such as system, software, hardware, human factors, and test engineering system management, operation, and maintenance 4 Interactions with other organizations, including acquisition, system management, certification, accreditation, and evaluation The SSE-CMM Model Description provides an overall description of the principles and architecture upon which the SSE-CMM is based, an executive overview of the model, suggestions for appropriate use of the model, the practices included in the model, and a description of the attributes of the model. It also includes the requirements used to develop the model. The SSE-CMM Appraisal Method describes the process and tools for evaluating an organizations security engineering capability against the SSE-CMM.

Descriptors:

• *SECURITY
• *SYSTEMS MANAGEMENT
• TEST AND EVALUATION
• COMPUTER PROGRAMS
• MAINTENANCE
• INDUSTRIES
• ORGANIZATIONS
• ACQUISITION
• INTERACTIONS
• ENGINEERING
• LIFE CYCLES

Subject Categories:

• Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE