Assurance

The SSE-CMM is designed to measure and help improve a security engineering organization’s capability, but does that translate into increased assurance in the security of a system or product produced by that organization?

The SSE-CMM's goal, gaining confidence that a customer's security needs are met, includes the following objectives:

- To provide a way to measure and enhance how an organization translates customer security needs into a security engineering process that produces products which effectively meet those needs;

- To provide an alternate assurance viewpoint for customers who may not need the formal assurances provided by full evaluation or certification and accreditation efforts;

- To provide a standard which customers can use to gain confidence that their security needs will be adequately addressed.

It is of paramount importance that customer needs for security functionality and assurance are accurately recorded, understood, and translated into security and assurance requirements for a system. Once the final product is produced, the users must be able to see that it reflects and satisfies their needs. The SSE-CMM specifically includes processes designed to achieve these goals.
