ISO/IEC 21827:2008
Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®)
Language | English
Publication date | 2008-10-16
ISO/IEC 21827:2008 specifies the Systems Security Engineering - Capability Maturity Model® (SSE-CMM®), which describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. ISO/IEC 21827:2008 does not prescribe a particular process or sequence, but captures practices generally observed in industry. The model is a standard metric for security engineering practices covering the following:
- the entire life cycle, including development, operation, maintenance and decommissioning activities;
- the whole organization, including management, organizational and engineering activities;
- concurrent interactions with other disciplines, such as system, software, hardware, human factors and test engineering; system management, operation and maintenance;
- interactions with other organizations, including acquisition, system management, certification, accreditation and evaluation.
The objective is to facilitate an increase in the maturity of the security engineering processes within the organization. The SSE-CMM® is related to other CMMs, which focus on different engineering disciplines and topic areas, and can be used in conjunction with them.
Committee | ISO/IEC JTC 1/SC 27
DocumentType | Standard
Pages | 144
ProductNote | This standard also refers to ITSEM92, JOYNES95, NIST, NIST SP 800-55, NSA93C
PublisherName | International Organization for Standardization
Status | Current
Supersedes |
Standards | Relationship |
GOST R ISO/IEC 21827 : 2010 | Identical |
BIS IS 15580 : 2012(R2015) | Identical |
BS ISO/IEC 21827:2008 | Identical |
CSA ISO/IEC 21827:09 (R2019) | Identical |
INCITS/ISO/IEC 21827 : 2009 | Identical |
NEN ISO/IEC 21827 : 2008 | Identical |
06/30143284 DC : DRAFT JULY 2006 | Identical |
CSA ISO/IEC 21827 : 2009 : R2014 | Identical |
CSA ISO/IEC 21827 : 2009 | Identical |
ISO/IEC 29190:2015 | Information technology Security techniques Privacy capability assessment model |
15/30322573 DC : 0 | BS ISO/IEC 33071 - INFORMATION TECHNOLOGY - PROCESS ASSESSMENT - AN INTEGRATED PROCESS CAPABILITY ASSESSMENT MODEL FOR ENTERPRISE PROCESSES |
BS ISO 13008:2012 | Information and documentation — Digital records conversion and migration process |
PD ISO/IEC TR 19791:2006 | Information technology. Security techniques. Security assessment of operational systems |
BS ISO/IEC 33071:2016 | Information technology. Process assessment. An integrated process capability assessment model for Enterprise processes |
10/30201931 DC : 0 | BS ISO 13008 - INFORMATION AND DOCUMENTATION - DIGITAL RECORDS CONVERSION AND MIGRATION PROCESS |
CAN/CSA-ISO/IEC 27034-1:12 (R2017) | Information technology - Security techniques - Application security - Part 1: Overview and concepts (Adopted ISO/IEC 27034-1:2011, first edition, 2011-11-15) |
DD IEC/PAS 62443-3:2008 | Security for industrial process measurement and control Network and system security |
BS ISO/IEC 15026-4:2012 | Systems and software engineering. Systems and software assurance Assurance in the life cycle |
CSA ISO/IEC 27034-1:2012 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - APPLICATION SECURITY - PART 1: OVERVIEW AND CONCEPTS |
ISO/IEC TR 15443-3:2007 | Information technology Security techniques A framework for IT security assurance Part 3: Analysis of assurance methods |
PD ISO/IEC/TR 15026-1:2010 | Systems and software engineering. Systems and software assurance Concepts and vocabulary |
IEC TS 62351-2:2008 | Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms |
ISO/IEC 15026-2:2011 | Systems and software engineering — Systems and software assurance — Part 2: Assurance case |
04/30091043 DC : DRAFT DEC 2004 | ISO/IEC 19791 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECURITY ASSESSMENT OF OPERATIONAL SYSTEMS |
CSA ISO/IEC 15026-2 : 2013 | SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 2: ASSURANCE CASE |
UNE-ISO/IEC TR 19791:2013 IN | Information technology. Security techniques. Security assessment of operational systems |
CSA ISO/IEC TR 15026-1 : 2013 | SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY |
ISO/IEC TR 15026-1:2010 | Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary |
CSA ISO/IEC 15026-1 : 2015 | SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY |
ISO/IEC 15026-4:2012 | Systems and software engineering Systems and software assurance Part 4: Assurance in the life cycle |
PD ISO/IEC TR 15443-3:2007 | Information technology. Security techniques. A framework for IT security assurance Analysis of assurance methods |
PD ISO/IEC TR 20000-12:2016 | Information technology. Service management Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC® |
13/30268559 DC : 0 | BS ISO/IEC 15026-1 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY |
04/30115788 DC : DRAFT JUN 2004 | ISO/IEC PAS 20886 - INFORMATION TECHNOLOGY - INTERNATIONAL SECURITY, TRUST, AND PRIVACY ALLIANCE - PRIVACY FRAMEWORK |
04/30040790 DC : DRAFT MARCH 2004 | ISO/IEC DTR 15443-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - A FRAMEWORK FOR IT SECURITY ASSURANCE - PART 2 - ASSURANCE METHODS |
IEEE 15026-3-2013 | IEEE Standard Adoption of ISO/IEC 15026-3 -- Systems and Software Engineering -- Systems and Software Assurance -- Part 3: System Integrity Levels |
IEC PAS 62443-3:2008 | Security for industrial process measurement and control - Network and system security |
UNI ISO 13008 : 2014 | INFORMATION AND DOCUMENTATION - DIGITAL RECORDS CONVERSION AND MIGRATION PROCESS |
ISO/IEC 27034-3:2018 | Information technology — Application security — Part 3: Application security management process |
ISO/TR 13569:2005 | Financial services Information security guidelines |
ISO/IEC TR 19791:2010 | Information technology Security techniques Security assessment of operational systems |
03/652496 DC : DRAFT JUNE 2003 | ISO/IEC TR 15443-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - A FRAMEWORK FOR IT SECURITY ASSURANCE - PART 1: OVERVIEW AND FRAMEWORK |
10/30230297 DC : 0 | BS ISO/IEC 15026-3 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 3: SYSTEM INTEGRITY LEVELS |
BS ISO/IEC 15026-1:2013 | Systems and software engineering. Systems and software assurance Concepts and vocabulary |
10/30215541 DC : 0 | BS ISO/IEC 15026-2 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 2: ASSURANCE CASE |
DD IEC/TS 62351-2:2008 | Power systems management and associated information exchange. Data and communications security Glossary of terms |
IEEE 15026-2-2011 | IEEE Standard--Adoption of ISO/IEC 15026-2:2011 Systems and Software Engineering--Systems and Software Assurance--Part 2: Assurance Case |
ISO 13008:2012 | Information and documentation — Digital records conversion and migration process |
ISO/IEC 33071:2016 | Information technology — Process assessment — An integrated process capability assessment model for Enterprise processes |
ISO/IEC 27034-1:2011 | Information technology — Security techniques — Application security — Part 1: Overview and concepts |
BS ISO/IEC 29190:2015 | Information technology. Security techniques. Privacy capability assessment model |
PD ISO/TR 13569:2005 | Financial services. Information security guidelines |
UNE-ISO 13008:2013 | Information and documentation. Digital records conversion and migration process. |
12/30248997 DC : 0 | BS ISO/IEC 15026-4 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 4: ASSURANCE IN THE LIFE CYCLE |
BS ISO/IEC 15026-2:2011 | Systems and software engineering. Systems and software assurance Assurance case |
ISO/IEC 15026-1:2013 | Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary |
10/30168519 DC : DRAFT JUNE 2010 | BS ISO/IEC 27034-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - APPLICATION SECURITY - PART 1: OVERVIEW AND CONCEPTS |
ISO/IEC TR 20000-12:2016 | Information technology Service management Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC |
14/30216195 DC : 0 | BS ISO/IEC 29190 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - PRIVACY CAPABILITY ASSESSMENT MODEL |
IEEE 15026-4-2013 | IEEE Standard Adoption of ISO/IEC 15026-4--Systems and Software Engineering--Systems and Software Assurance--Part 4: Assurance in the Life Cycle |
BS ISO/IEC 27034-1:2011 | Information technology. Security techniques. Application security Overview and concepts |
17/30213621 DC : 0 | BS ISO/IEC 27034-3 - INFORMATION TECHNOLOGY - APPLICATION SECURITY - PART 3: APPLICATION SECURITY MANAGEMENT PROCESS |
CAN/CSA-ISO/IEC 15026-2:13 (R2017) | Systems and software engineering - Systems and software assurance - Part 2: Assurance case (Adopted ISO/IEC 15026-2:2011, first edition, 2011-02-15) |
IEEE/ISO/IEC 15026-1-2014 | IEEE Standard Adoption of ISO/IEC 15026-1--Systems and Software Engineering--Systems and Software Assurance--Part 1: Concepts and Vocabulary |
INCITS/ISO/IEC 27034-3:2018(2019) | Information technology — Application security — Part 3: Application security management process |
CAN/CSA-ISO/IEC TR 20000-12:18 | Information technology — Service management — Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC (Adopted ISO/IEC TR 20000-12:2016, first edition, 2016-10-01) |
ISO/IEC TR 15443-1:2012 | Information technology Security techniques Security assurance framework Part 1: Introduction and concepts |
ISO/IEC TR 14516:2002 | Information technology Security techniques Guidelines for the use and management of Trusted Third Party services |
ISO/IEC 15504-4:2004 | Information technology Process assessment Part 4: Guidance on use for process improvement and process capability determination |
ISO/IEC 27004:2016 | Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation |
ISO/IEC 15504-2:2003 | Information technology Process assessment Part 2: Performing an assessment |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO/IEC 15288:2008 | Systems and software engineering — System life cycle processes |
ISO/IEC Guide 73:2002 | Risk management Vocabulary Guidelines for use in standards |
ISO/IEC 12207:2008 | Systems and software engineering — Software life cycle processes |
ISO/IEC 17799:2005 | Information technology Security techniques Code of practice for information security management |
ISO 9001:2015 | Quality management systems — Requirements |
ISO/IEC Guide 2:2004 | Standardization and related activities — General vocabulary |
ISO/IEC 15504-1:2004 | Information technology Process assessment Part 1: Concepts and vocabulary |
ISO/IEC 11770-1:2010 | Information technology Security techniques Key management Part 1: Framework |
ISO 9000-3:1997 | Quality management and quality assurance standards Part 3: Guidelines for the application of ISO 9001:1994 to the development, supply, installation and maintenance of computer software |