30th October, 2013
Most of organization implementing CMMI, complains about the lack of Information Security practices in the CMMI Model. For this CMMI Institute with Siemens AG Corporate Technology has published a technical paper on CMMI for Development and Information Security.
This guide for CMMI® (Capability Maturity Model® Integration) for Development, Version 1.3 (CMMI-DEV, V1.3) and Information Security define additional process areas:
These processes can be integrated with existing processes of the Project Management, Engineering and Process Management categories of the model.
The guide is the result of Siemens effort for the testing and development. These developments have been reviewed by security experts in the industry. Guide focuses on these process areas to be implemented in Softwares at the time of development rather than implementing them at the time of crisis.
The guide helps in managing the Customer Security requirements for the software in an effective and proven method and t integrate them in the software right from the inception phase.
Here is the link to the CMMI Institute post – http://cmmiinstitute.com/cmmi-institute-and-siemens-ag-release-technical-paper-security-by-design-with-cmmi-for-development-version-1-3/
DQS India, having experience of working with different security standards like ISO 27001, SSAE16, HIPAA and Mars-e can help your organization in implementing the Information Security with CMMI Practices in your software projects. We can guide you in designing these practices keeping in view the SDLC followed by project teams in developing the software projects and this include agile, incremental, waterfall, prototype etc. methodologies.
Previous PostHow to use Lessons Learnt in projects during CMMI Implementation?
Next PostData Management Maturity Model under development by CMMI Institute
Rajendra Khare (MD)
DQS Certification India Private Limited
USA Phone: 703-574-4929, 703-574-4962
Rajendra's LinkedIn Profile
Rajendra is a qualified and certified Lead Appraiser and Instructor for the following :