The Systems Security Engineering Capability Maturity Model
(SSE-CMM)

The SSE-CMM describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. The model is intended to be used as a:

  • Tool for engineering organizations to evaluate security engineering practices and define improvements to them.
  • Standard mechanism for customers to evaluate a provider's security engineering capability.
  • Basis for security engineering evaluation organizations (e.g., system certifiers and product evaluators) to establish organizational capability-based confidences (as an ingredient to system or project security assurance).

The SSE-CMM addresses security engineering activities that span the entire trusted product or secure system life cycle, including concept definition, requirements analysis, design, development, integration, installation, operations, maintenance, and decommissioning.

The SSE-CMM applies to secure product developers, secure system developers and integrators, and organizations that provide security services and security engineering.

The SSE-CMM applies to all types and sizes of security engineering organizations, such as commercial, government, and academic.

For more information, download the SSE-CMM Model Document:
Model Description Document Version 3.0 (Adobe Acrobat file, 340 pages, 1.02 MB)