CMMI Consultant Blog

CMMI Frequently Asked Questions and their responses from CMMI Consultant(s)





What is Security by Design with CMMI for Development?



20th February, 2015

CMMI Institute released a guide for improving processes for secure products, titled Security by Design with CMMI for Development, Version 1.3. There has been a constant need to develop and deliver secure applications, but organizational processes built on the CMMI for Development models addressed only SDLC best practices and did not include security-related best practices. In view of this industry need, CMMI Institute developed this application guide.

This application guide provides guidance on improving existing processes with security components. It defines a set of four additional process areas (PAs) for CMMI for Development, Version 1.3, and these PAs integrate seamlessly with the existing Process Management, Project Management, and Engineering process area categories of CMMI-DEV.

An overview of these four process areas with security best practices is given below:

  1. Organizational Preparedness for Secure Development (OPSD): The purpose of this process area is to establish and maintain capabilities at the organizational level to develop secure products. It also covers the management of reported vulnerabilities.
  2. Security Management in Projects (SMP): The purpose of this process area is to establish, identify, plan, and manage security-related activities across the project lifecycle. It also covers the management of security risks related to the product.
  3. Security Requirements and Technical Solution (SRTS): The purpose of this process area is to set security requirements in the project. It also focuses on secure design. This helps ensure the implementation of a secure product.
  4. Security Verification and Validation (SVV): This process area helps ensure that the selected work products meet their specified security requirements. It also helps demonstrate that the product or product component fulfills the security expectations when placed in its intended operational environment.

With these process areas, organizations, project managers, process improvement professionals, and security experts can be sure of the security implementation in the products. The process areas can be used to check the security implementation against the Specific Practices defined in them.



Published by CMMI Consultant


cmmi, cmmi implementation, Information Security





Author: Rajendra Khare


Rajendra is a qualified and certified Lead Appraiser and Instructor for the following:

  • SCAMPI High Maturity Lead Appraiser (Certified)
  • CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Acquisition (Certified)
  • CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Development (Certified)
  • CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Services (Certified)
  • CMMI Institute-Certified Introduction to CMMI-DEV v1.3 Instructor (Certified)
  • CMMI Institute-Certified Services Supplement for CMMI-DEV Instructor (Certified)
  • CMMI Institute-Certified CMMI-DEV Level 2 for Practitioners Instructor (Certified)
  • CMMI Institute-Certified CMMI-DEV Level 3 for Practitioners Instructor (Certified)
  • CMMI Institute-Certified SCAMPI B & C Team Leader for Acquisition (Certified)
  • CMMI Institute-Certified SCAMPI B & C Team Leader for Development (Certified)
  • CMMI Institute-Certified SCAMPI B & C Team Leader for Services (Certified)

Rajendra has been a Lead Assessor for ISO 9001 (QMS), ISO 14001 (EMS), and OHSAS 18001 (OHSMS) since 1994.

International Automotive Task Force (IATF) approved Lead Assessor for Automotive Standard TS 16949:2009

Lead Assessor for ISO 27001 (ISMS) and ISO 20000-1 (ITSM)

Rajendra has 25 years of experience in the industry.



© 2023 Copyright © 2017 CMMI Consultant Blog.