Most organizations implementing CMMI complain about the lack of information security practices in the CMMI model. To address this, the CMMI Institute, together with Siemens AG Corporate Technology, has published a technical paper on CMMI for Development and information security.
This guide for CMMI® (Capability Maturity Model® Integration) for Development, Version 1.3 (CMMI-DEV, V1.3) and information security defines additional process areas:
- Organizational Preparedness for Secure Development
- Security Management in Projects
- Security Requirements and Technical Solution
- Security Verification and Validation
These processes can be integrated with existing processes of the Project Management, Engineering and Process Management categories of the model.
The guide is the result of Siemens' testing and development effort. These developments have been reviewed by security experts in the industry. The guide focuses on implementing these process areas in software at the time of development rather than at the time of a crisis.
The guide helps manage customer security requirements for the software with an effective and proven method, and helps integrate them into the software right from the inception phase.
Here is the link to the CMMI Institute post – http://cmmiinstitute.com/cmmi-institute-and-siemens-ag-release-technical-paper-security-by-design-with-cmmi-for-development-version-1-3/
Let CMMI Experts help you
DQS India, with experience working with different security standards such as ISO 27001, SSAE16, HIPAA and MARS-E, can help your organization implement information security with CMMI practices in your software projects. We can guide you in designing these practices in keeping with the SDLC your project teams follow when developing software, including agile, incremental, waterfall, prototype and other methodologies.