1. Experience with the System Security Engineering Capability Maturity Model™
Presented to INCOSE 96
2. SSE-CMM Project Background
Government acquisition agencies are driven to:
Lower the cost of developing and maintaining systems;
Improve consistency in meeting project schedule and budget;
Select capable contractors
Few standards exist to judge corporate security engineering capabilities
Many engineering companies provide secure products, systems, and services
Wide variety in capabilities
Excessive time needed for product/system certification
Effort initiated to establish a commonly-accepted security engineering standard through a joint government/industry effort
3. SSE-CMM Project Participants (as of July 1996)
4. SSE-CMM Project Structure
5. SSE-CMM Model Structure
A model of fundamental security practices, based on the SPICE architecture
6. Domain Dimension
Based on the System Engineering Capability Maturity Model
7. Capability Dimension
8. SSE-CMM Appraisal Process
An appraisal rates the capability of each process area
9. Approach to Community Adoption
Encourage industry-wide participation
Recruit project participants
Publicize to security engineers and systems engineers through conferences and WWW
Promote the SSE-CMM as a standard process within NSA, DISA, and NIST engineering and development organizations
Identify candidate procurements
Develop / document approach for use in accreditation
Investigate impacts on the INFOWAR community
Promote the SSE-CMM as a standard process within SSE-CMM member engineering and development organizations
Conduct pilots
Interface with other CMM efforts
10. Current SSE-CMM Status
Draft model defined
SE-CMM appraisal method selected for use in initial pilot appraisals
First SE-CMM pilot appraisal completed at TRW
Additional pilot appraisals scheduled for summer of 1996
Computer Sciences Corporation
Hughes
11. First Pilot Appraisal Results
The first SSE-CMM pilot appraisal was conducted at TRW in June 1996
3 days, 10-member appraisal team from TRW, government, and industry
Security-specific portions of the model
Results
The SSE-CMM project identified possible improvements in the model and appraisal method
TRW identified improvement activities to further strengthen their security engineering practices
12. Next Actions
Update model and appraisal method based on initial pilot appraisal results
Public release
SSE-CMM Model Description Version 1.0
SSE-CMM Appraisal Methodology Version 1.0
Explore full pilot appraisals
Stand-alone: security aspects only
Add-on: adjunct to a completed SE-CMM appraisal
Integrated: joint SE/SSE-CMM appraisal
13. Points of Contact
Sponsor
John Adams
Department of Defense
9800 Savage Road
Ft. Meade, MD 20755-6000
410-859-6091
Project Leader
Victoria Thompson
Arca Systems, Inc.
8229 Boone Boulevard
Vienna, VA 22182
703-734-5611