CMMI Frequently Asked Questions and their responses from CMMI Consultant(s)
CMMI Implementation and Information Security
30th October, 2013
Most of organization implementing CMMI, complains about the lack of Information Security practices in the CMMI Model. For this CMMI Institute with Siemens AG Corporate Technology has published a technical paper on CMMI for Development and Information Security.
This guide for CMMI® (Capability Maturity Model® Integration) for Development, Version 1.3 (CMMI-DEV, V1.3) and Information Security define additional process areas:
- Organizational Preparedness for Secure Development
- Security Management in Projects
- Security Requirements and Technical Solution
- Security Verification and Validation
These processes can be integrated with existing processes of the Project Management, Engineering and Process Management categories of the model.
The guide is the result of Siemens effort for the testing and development. These developments have been reviewed by security experts in the industry. Guide focuses on these process areas to be implemented in Softwares at the time of development rather than implementing them at the time of crisis.
The guide helps in managing the Customer Security requirements for the software in an effective and proven method and t integrate them in the software right from the inception phase.
Here is the link to the CMMI Institute post – http://cmmiinstitute.com/cmmi-institute-and-siemens-ag-release-technical-paper-security-by-design-with-cmmi-for-development-version-1-3/
Let CMMI Experts help you
DQS India, having experience of working with different security standards like ISO 27001, SSAE16, HIPAA and Mars-e can help your organization in implementing the Information Security with CMMI Practices in your software projects. We can guide you in designing these practices keeping in view the SDLC followed by project teams in developing the software projects and this include agile, incremental, waterfall, prototype etc. methodologies.
Previous Post
How to use Lessons Learnt in projects during CMMI Implementation?Next Post
Data Management Maturity Model under development by CMMI InstituteSidebar
Author: Rajendra Khare
Rajendra's LinkedIn Profile
Rajendra is a qualified and certified Lead Appraiser and Instructor for the following :
- SCAMPI High Maturity Lead Appraiser (Certified)
- CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Acquisition (Certified)
- CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Development (Certified)
- CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Services (Certified)
- CMMI Institute-Certified Introduction to CMMI-DEV v1.3 Instructor (Certified)
- CMMI Institute-Certified Services Supplement for CMMI-DEV Instructor (Certified)
- CMMI Institute-Certified CMMI-DEV Level 2 for Practitioners Instructor (Certified)
- CMMI Institute-Certified CMMI-DEV Level 3 for Practitioners Instructor (Certified)
- CMMI Institute-Certified SCAMPI B & C Team Leader for Acquisition (Certified)
- CMMI Institute-Certified SCAMPI B & C Team Leader for Development (Certified)
- CMMI Institute-Certified SCAMPI B & C Team Leader for Services (Certified)
Rajendra is Lead Assessor for ISO 9001 (QMS), ISO 14001 (EMS), OHSAS 18001 (OHSMS) since 1994
International Automotive Task Force (IATF) approved Lead Assessor for Automotive Standard TS 16949:2009
Lead Assessor for ISO 27001 (ISMS) and ISO 20000-1 (ITSM)
Rajendra has 25 years experience in the industry.