What is Security by Design with CMMI for Development?

Information Security 0

20th February, 2015

CMMI Institute released a guide for improving processes for secure products with the name of Security by Design with CMMI for Development, Version 1.3. It was a constant need to develop and deliver secure applications but the processes in the organizations that were developed based on CMMI for Development Models were only concerned with SDLC Best Practices and were not having Security Related best practices. Keeping in view the need of the industry CMMI Institute developed this application guide.

This application guide provides guidance on improving the existing processes with security components. Application guide define a set of 04 additional process areas (PA) for CMMI for Development, Version 1.3 and these PAs integrate seamlessly with existing Process Management, Project Management, and Engineering process area categories of CMMI-DEV.

Overview of these four process areas with security best practices is given below:

1. Organizational Preparedness for Secure Development (OPSD): The purpose of this process area is to establish and maintain capabilities at organizational level to develop secure products. It also covers management of reported vulnerabilities.
2. Security Management in Projects (SMP): The purpose of this process area is to establish, identify, plan, and manage security-related activities across the project lifecycle. It also covers the management of security risks related to product.
3. Security Requirements and Technical Solution (SRTS): The purpose of this process area is to set security requirements in the project. It also focuses on the secure design. This helps in ensuring the implementation of a secure product.
4. Security Verification and Validation (SVV): This process area helps in ensuring that the selected work products meet their specified security requirements. It also helps in demonstrating that the product or product component fulfills the security expectations when placed in its intended operational environment.

With these processes areas Organization, Project Managers, Process Improvement Professionals and Security Experts can be sure of the security implementation in the products. These process areas can be used to check the Security implementation based on the Specific Practices defined in these process areas.

You may also like to browse following posts

• CMMI Institute upcoming Webinar – Considering Security with CMMI-DEV & CMMI-SVC
• CMMI Implementation and Information Security
• What are the ways to interest Senior Management in the CMMI Implementation Program or How to win the senior management to sponsor CMMI in the organization?
• Information security attacks that would matter in year 2014
• Patient Data and Information Security