ISO/IEC 21827:2008

Current

The latest, up-to-date edition.

Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®)

Available format(s): Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

Language(s): English

Published date: 16-10-2008

ISO/IEC 21827:2008 specifies the Systems Security Engineering - Capability Maturity Model® (SSE-CMM®), which describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. ISO/IEC 21827:2008 does not prescribe a particular process or sequence, but captures practices generally observed in industry. The model is a standard metric for security engineering practices covering the following:

  • the entire life cycle, including development, operation, maintenance and decommissioning activities;
  • the whole organization, including management, organizational and engineering activities;
  • concurrent interactions with other disciplines, such as system, software, hardware, human factors and test engineering; system management, operation and maintenance;
  • interactions with other organizations, including acquisition, system management, certification, accreditation and evaluation.

The objective is to facilitate an increase of maturity of the security engineering processes within the organization. The SSE-CMM® is related to other CMMs which focus on different engineering disciplines and topic areas and can be used in combination or conjunction with them.

Committee: ISO/IEC JTC 1/SC 27
Document type: Standard
Pages: 144
Product note: This standard also refers to ITSEM92, JOYNES95, NIST, NIST SP 800-55, NSA93C
Publisher name: International Organization for Standardization
Status: Current
Supersedes:

ISO/IEC 29190:2015 Information technology Security techniques Privacy capability assessment model
15/30322573 DC : 0 BS ISO/IEC 33071 - INFORMATION TECHNOLOGY - PROCESS ASSESSMENT - AN INTEGRATED PROCESS CAPABILITY ASSESSMENT MODEL FOR ENTERPRISE PROCESSES
BS ISO 13008:2012 Information and documentation — Digital records conversion and migration process
PD ISO/IEC TR 19791:2006 Information technology. Security techniques. Security assessment of operational systems
BS ISO/IEC 33071:2016 Information technology. Process assessment. An integrated process capability assessment model for Enterprise processes
10/30201931 DC : 0 BS ISO 13008 - INFORMATION AND DOCUMENTATION - DIGITAL RECORDS CONVERSION AND MIGRATION PROCESS
CAN/CSA-ISO/IEC 27034-1:12 (R2017) Information technology - Security techniques - Application security - Part 1: Overview and concepts (Adopted ISO/IEC 27034-1:2011, first edition, 2011-11-15)
DD IEC/PAS 62443-3:2008 Security for industrial process measurement and control Network and system security
BS ISO/IEC 15026-4:2012 Systems and software engineering. Systems and software assurance Assurance in the life cycle
CSA ISO/IEC 27034-1:2012 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - APPLICATION SECURITY - PART 1: OVERVIEW AND CONCEPTS
ISO/IEC TR 15443-3:2007 Information technology Security techniques A framework for IT security assurance Part 3: Analysis of assurance methods
PD ISO/IEC/TR 15026-1:2010 Systems and software engineering. Systems and software assurance Concepts and vocabulary
IEC TS 62351-2:2008 Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms
ISO/IEC 15026-2:2011 Systems and software engineering — Systems and software assurance — Part 2: Assurance case
04/30091043 DC : DRAFT DEC 2004 ISO/IEC 19791 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECURITY ASSESSMENT OF OPERATIONAL SYSTEMS
CSA ISO/IEC 15026-2 : 2013 SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 2: ASSURANCE CASE
UNE-ISO/IEC TR 19791:2013 IN Information technology. Security techniques. Security assessment of operational systems
CSA ISO/IEC TR 15026-1 : 2013 SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY
ISO/IEC TR 15026-1:2010 Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary
CSA ISO/IEC 15026-1 : 2015 SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY
ISO/IEC 15026-4:2012 Systems and software engineering Systems and software assurance Part 4: Assurance in the life cycle
PD ISO/IEC TR 15443-3:2007 Information technology. Security techniques. A framework for IT security assurance Analysis of assurance methods
PD ISO/IEC TR 20000-12:2016 Information technology. Service management Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC®
13/30268559 DC : 0 BS ISO/IEC 15026-1 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY
04/30115788 DC : DRAFT JUN 2004 ISO/IEC PAS 20886 - INFORMATION TECHNOLOGY - INTERNATIONAL SECURITY, TRUST, AND PRIVACY ALLIANCE - PRIVACY FRAMEWORK
04/30040790 DC : DRAFT MARCH 2004 ISO/IEC DTR 15443-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - A FRAMEWORK FOR IT SECURITY ASSURANCE - PART 2 - ASSURANCE METHODS
IEEE 15026-3-2013 IEEE Standard Adoption of ISO/IEC 15026-3 -- Systems and Software Engineering -- Systems and Software Assurance -- Part 3: System Integrity Levels
IEC PAS 62443-3:2008 Security for industrial process measurement and control - Network and system security
UNI ISO 13008 : 2014 INFORMATION AND DOCUMENTATION - DIGITAL RECORDS CONVERSION AND MIGRATION PROCESS
ISO/IEC 27034-3:2018 Information technology — Application security — Part 3: Application security management process
ISO/TR 13569:2005 Financial services Information security guidelines
ISO/IEC TR 19791:2010 Information technology Security techniques Security assessment of operational systems
03/652496 DC : DRAFT JUNE 2003 ISO/IEC TR 15443-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - A FRAMEWORK FOR IT SECURITY ASSURANCE - PART 1: OVERVIEW AND FRAMEWORK
10/30230297 DC : 0 BS ISO/IEC 15026-3 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 3: SYSTEM INTEGRITY LEVELS
BS ISO/IEC 15026-1:2013 Systems and software engineering. Systems and software assurance Concepts and vocabulary
10/30215541 DC : 0 BS ISO/IEC 15026-2 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 2: ASSURANCE CASE
DD IEC/TS 62351-2:2008 Power systems management and associated information exchange. Data and communications security Glossary of terms
IEEE 15026-2-2011 IEEE Standard--Adoption of ISO/IEC 15026-2:2011 Systems and Software Engineering--Systems and Software Assurance--Part 2: Assurance Case
ISO 13008:2012 Information and documentation — Digital records conversion and migration process
ISO/IEC 33071:2016 Information technology — Process assessment — An integrated process capability assessment model for Enterprise processes
ISO/IEC 27034-1:2011 Information technology — Security techniques — Application security — Part 1: Overview and concepts
BS ISO/IEC 29190:2015 Information technology. Security techniques. Privacy capability assessment model
PD ISO/TR 13569:2005 Financial services. Information security guidelines
UNE-ISO 13008:2013 Information and documentation. Digital records conversion and migration process.
12/30248997 DC : 0 BS ISO/IEC 15026-4 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 4: ASSURANCE IN THE LIFE CYCLE
BS ISO/IEC 15026-2:2011 Systems and software engineering. Systems and software assurance Assurance case
ISO/IEC 15026-1:2013 Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary
10/30168519 DC : DRAFT JUNE 2010 BS ISO/IEC 27034-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - APPLICATION SECURITY - PART 1: OVERVIEW AND CONCEPTS
ISO/IEC TR 20000-12:2016 Information technology Service management Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC
14/30216195 DC : 0 BS ISO/IEC 29190 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - PRIVACY CAPABILITY ASSESSMENT MODEL
IEEE 15026-4-2013 IEEE Standard Adoption of ISO/IEC 15026-4--Systems and Software Engineering--Systems and Software Assurance--Part 4: Assurance in the Life Cycle
BS ISO/IEC 27034-1:2011 Information technology. Security techniques. Application security Overview and concepts
17/30213621 DC : 0 BS ISO/IEC 27034-3 - INFORMATION TECHNOLOGY - APPLICATION SECURITY - PART 3: APPLICATION SECURITY MANAGEMENT PROCESS
CAN/CSA-ISO/IEC 15026-2:13 (R2017) Systems and software engineering - Systems and software assurance - Part 2: Assurance case (Adopted ISO/IEC 15026-2:2011, first edition, 2011-02-15)
IEEE/ISO/IEC 15026-1-2014 IEEE Standard Adoption of ISO/IEC 15026-1--Systems and Software Engineering--Systems and Software Assurance--Part 1: Concepts and Vocabulary
INCITS/ISO/IEC 27034-3:2018(2019) Information technology — Application security — Part 3: Application security management process
CAN/CSA-ISO/IEC TR 20000-12:18 Information technology — Service management — Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC (Adopted ISO/IEC TR 20000-12:2016, first edition, 2016-10-01)

ISO/IEC TR 15443-1:2012 Information technology Security techniques Security assurance framework Part 1: Introduction and concepts
ISO/IEC TR 14516:2002 Information technology Security techniques Guidelines for the use and management of Trusted Third Party services
ISO/IEC 15504-4:2004 Information technology Process assessment Part 4: Guidance on use for process improvement and process capability determination
ISO/IEC 27004:2016 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation
ISO/IEC 15504-2:2003 Information technology Process assessment Part 2: Performing an assessment
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 15288:2008 Systems and software engineering — System life cycle processes
ISO/IEC Guide 73:2002 Risk management Vocabulary Guidelines for use in standards
ISO/IEC 12207:2008 Systems and software engineering — Software life cycle processes
ISO/IEC 17799:2005 Information technology Security techniques Code of practice for information security management
ISO 9001:2015 Quality management systems — Requirements
ISO/IEC Guide 2:2004 Standardization and related activities — General vocabulary
ISO/IEC 15504-1:2004 Information technology Process assessment Part 1: Concepts and vocabulary
ISO/IEC 11770-1:2010 Information technology Security techniques Key management Part 1: Framework
ISO 9000-3:1997 Quality management and quality assurance standards Part 3: Guidelines for the application of ISO 9001:1994 to the development, supply, installation and maintenance of computer software
