Appraisals

The SSE-CMM is structured to support a wide variety of improvement activities, including self-administered appraisals, or internal appraisals augmented by expert "facilitators" from inside or outside the organization. Although it is primarily intended for internal process improvement, the SSE-CMM can also be used to evaluate a potential vendor's capability to perform its security engineering process.

The SSE-CMM Appraisal Method

The SSE-CMM Appraisal Method (SSAM) is fully described, along with some support materials for conducting appraisals, in the SSE-CMM Appraisal Method Description (PDF, 702 kb, 226 pages). The SSAM is an organization- or project-level appraisal method that uses multiple data-gathering methods to obtain information on the processes being practiced within the organization or project selected for appraisal. The figure below illustrates the basic results of an appraisal. A capability level from 1 to 5 is determined for each process area and displayed in a simple bar chart. The actual results of an appraisal include significant detail about each of the areas in this summary and detailed findings.

[Figure: sample of appraisal results]

Guidance for SSE-CMM Appraisal Services

The SSO is currently developing an Appraiser Certification Program, based on recommendations made previously by the SSE-CMM Project, to ensure that these services are provided in a qualified and highly professional manner. The following qualifications were defined: the SSE-CMM appraisal team should include no more than one member who has not previously participated on a prior CMM appraisal. Each member of the appraisal team should fully meet at least one of the following criteria, and collectively the appraisal team should meet all of the criteria:

  • active membership in an SSE-CMM Project Working Group
  • 10 years security engineering experience
  • 2 years process improvement experience
  • training or experience in some form of CMM appraisal, preferably SSE-CMM

SSE-CMM appraisal team facilitators should meet most of the above criteria, and ideally should have facilitated a previous SSE-CMM appraisal.