ISO/IEC 21827:2008

    Status: Current (the latest, up-to-date edition)

    Information technology - Security techniques - Systems Security Engineering - Capability Maturity Model (SSE-CMM)

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Language(s):  English

    Published date:  16-10-2008

    Publisher:  International Organization for Standardization


    Abstract

    ISO/IEC 21827:2008 specifies the Systems Security Engineering - Capability Maturity Model (SSE-CMM), which describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. ISO/IEC 21827:2008 does not prescribe a particular process or sequence, but captures practices generally observed in industry. The model is a standard metric for security engineering practices covering the following:

    • the entire life cycle, including development, operation, maintenance and decommissioning activities;
    • the whole organization, including management, organizational and engineering activities;
    • concurrent interactions with other disciplines, such as system, software, hardware, human factors and test engineering; system management, operation and maintenance;
    • interactions with other organizations, including acquisition, system management, certification, accreditation and evaluation.

    The objective is to facilitate an increase of maturity of the security engineering processes within the organization. The SSE-CMM is related to other CMMs which focus on different engineering disciplines and topic areas and can be used in combination or conjunction with them.

    General Product Information

    Document Type: Standard
    Product Note: This standard also refers to ITSEM92, JOYNES95, NIST, NIST SP 800-55, NSA93C
    Publisher: International Organization for Standardization
    Status: Current

    Standards Referenced By This Book

    ISO/IEC 29190:2015 Information technology Security techniques Privacy capability assessment model
    15/30322573 DC : 0 BS ISO/IEC 33071 - INFORMATION TECHNOLOGY - PROCESS ASSESSMENT - AN INTEGRATED PROCESS CAPABILITY ASSESSMENT MODEL FOR ENTERPRISE PROCESSES
    BS ISO 13008:2012 Information and documentation — Digital records conversion and migration process
    PD ISO/IEC TR 19791:2006 Information technology. Security techniques. Security assessment of operational systems
    BS ISO/IEC 33071:2016 Information technology. Process assessment. An integrated process capability assessment model for Enterprise processes
    10/30201931 DC : 0 BS ISO 13008 - INFORMATION AND DOCUMENTATION - DIGITAL RECORDS CONVERSION AND MIGRATION PROCESS
    CAN/CSA-ISO/IEC 27034-1:12 (R2017) Information technology - Security techniques - Application security - Part 1: Overview and concepts (Adopted ISO/IEC 27034-1:2011, first edition, 2011-11-15)
    DD IEC/PAS 62443-3:2008 Security for industrial process measurement and control Network and system security
    BS ISO/IEC 15026-4:2012 Systems and software engineering. Systems and software assurance Assurance in the life cycle
    CSA ISO/IEC 27034-1:2012 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - APPLICATION SECURITY - PART 1: OVERVIEW AND CONCEPTS
    ISO/IEC TR 15443-3:2007 Information technology Security techniques A framework for IT security assurance Part 3: Analysis of assurance methods
    PD ISO/IEC/TR 15026-1:2010 Systems and software engineering. Systems and software assurance Concepts and vocabulary
    IEC TS 62351-2:2008 Power systems management and associated information exchange - Data and communications security - Part 2: Glossary of terms
    ISO/IEC 15026-2:2011 Systems and software engineering — Systems and software assurance — Part 2: Assurance case
    04/30091043 DC : DRAFT DEC 2004 ISO/IEC 19791 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SECURITY ASSESSMENT OF OPERATIONAL SYSTEMS
    CSA ISO/IEC 15026-2 : 2013 SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 2: ASSURANCE CASE
    UNE-ISO/IEC TR 19791:2013 IN Information technology. Security techniques. Security assessment of operational systems
    CSA ISO/IEC TR 15026-1 : 2013 SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY
    ISO/IEC TR 15026-1:2010 Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary
    CSA ISO/IEC 15026-1 : 2015 SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY
    ISO/IEC 15026-4:2012 Systems and software engineering Systems and software assurance Part 4: Assurance in the life cycle
    PD ISO/IEC TR 15443-3:2007 Information technology. Security techniques. A framework for IT security assurance Analysis of assurance methods
    PD ISO/IEC TR 20000-12:2016 Information technology. Service management Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC®
    13/30268559 DC : 0 BS ISO/IEC 15026-1 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 1: CONCEPTS AND VOCABULARY
    04/30115788 DC : DRAFT JUN 2004 ISO/IEC PAS 20886 - INFORMATION TECHNOLOGY - INTERNATIONAL SECURITY, TRUST, AND PRIVACY ALLIANCE - PRIVACY FRAMEWORK
    04/30040790 DC : DRAFT MARCH 2004 ISO/IEC DTR 15443-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - A FRAMEWORK FOR IT SECURITY ASSURANCE - PART 2 - ASSURANCE METHODS
    IEEE 15026-3-2013 IEEE Standard Adoption of ISO/IEC 15026-3 -- Systems and Software Engineering -- Systems and Software Assurance -- Part 3: System Integrity Levels
    IEC PAS 62443-3:2008 Security for industrial process measurement and control - Network and system security
    UNI ISO 13008 : 2014 INFORMATION AND DOCUMENTATION - DIGITAL RECORDS CONVERSION AND MIGRATION PROCESS
    ISO/IEC 27034-3:2018 Information technology — Application security — Part 3: Application security management process
    ISO/TR 13569:2005 Financial services Information security guidelines
    ISO/IEC TR 19791:2010 Information technology Security techniques Security assessment of operational systems
    03/652496 DC : DRAFT JUNE 2003 ISO/IEC TR 15443-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - A FRAMEWORK FOR IT SECURITY ASSURANCE - PART 1: OVERVIEW AND FRAMEWORK
    10/30230297 DC : 0 BS ISO/IEC 15026-3 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 3: SYSTEM INTEGRITY LEVELS
    BS ISO/IEC 15026-1:2013 Systems and software engineering. Systems and software assurance Concepts and vocabulary
    10/30215541 DC : 0 BS ISO/IEC 15026-2 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 2: ASSURANCE CASE
    DD IEC/TS 62351-2:2008 Power systems management and associated information exchange. Data and communications security Glossary of terms
    IEEE 15026-2-2011 IEEE Standard--Adoption of ISO/IEC 15026-2:2011 Systems and Software Engineering--Systems and Software Assurance--Part 2: Assurance Case
    ISO 13008:2012 Information and documentation — Digital records conversion and migration process
    ISO/IEC 33071:2016 Information technology Process assessment An integrated process capability assessment model for Enterprise processes
    ISO/IEC 27034-1:2011 Information technology — Security techniques — Application security — Part 1: Overview and concepts
    BS ISO/IEC 29190:2015 Information technology. Security techniques. Privacy capability assessment model
    PD ISO/TR 13569:2005 Financial services. Information security guidelines
    UNE-ISO 13008:2013 Information and documentation. Digital records conversion and migration process.
    12/30248997 DC : 0 BS ISO/IEC 15026-4 - SYSTEMS AND SOFTWARE ENGINEERING - SYSTEMS AND SOFTWARE ASSURANCE - PART 4: ASSURANCE IN THE LIFE CYCLE
    BS ISO/IEC 15026-2:2011 Systems and software engineering. Systems and software assurance Assurance case
    ISO/IEC 15026-1:2013 Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary
    10/30168519 DC : DRAFT JUNE 2010 BS ISO/IEC 27034-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - APPLICATION SECURITY - PART 1: OVERVIEW AND CONCEPTS
    ISO/IEC TR 20000-12:2016 Information technology Service management Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC
    14/30216195 DC : 0 BS ISO/IEC 29190 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - PRIVACY CAPABILITY ASSESSMENT MODEL
    IEEE 15026-4-2013 IEEE Standard Adoption of ISO/IEC 15026-4--Systems and Software Engineering--Systems and Software Assurance--Part 4: Assurance in the Life Cycle
    BS ISO/IEC 27034-1:2011 Information technology. Security techniques. Application security Overview and concepts
    17/30213621 DC : 0 BS ISO/IEC 27034-3 - INFORMATION TECHNOLOGY - APPLICATION SECURITY - PART 3: APPLICATION SECURITY MANAGEMENT PROCESS
    CAN/CSA-ISO/IEC TR 20000-12:18 Information technology — Service management — Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC (Adopted ISO/IEC TR 20000-12:2016, first edition, 2016-10-01)
    CAN/CSA-ISO/IEC 15026-2:13 (R2017) Systems and software engineering - Systems and software assurance - Part 2: Assurance case (Adopted ISO/IEC 15026-2:2011, first edition, 2011-02-15)
    IEEE/ISO/IEC 15026-1-2014 IEEE Standard Adoption of ISO/IEC 15026-1--Systems and Software Engineering--Systems and Software Assurance--Part 1: Concepts and Vocabulary

    Standards Referencing This Book

    ISO/IEC TR 15443-1:2012 Information technology Security techniques Security assurance framework Part 1: Introduction and concepts
    ISO/IEC TR 14516:2002 Information technology Security techniques Guidelines for the use and management of Trusted Third Party services
    ISO/IEC 15504-4:2004 Information technology Process assessment Part 4: Guidance on use for process improvement and process capability determination
    ISO/IEC 27004:2016 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation
    ISO/IEC 15504-2:2003 Information technology Process assessment Part 2: Performing an assessment
    ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
    ISO/IEC 15288:2008 Systems and software engineering System life cycle processes
    ISO/IEC Guide 73:2002 Risk management Vocabulary Guidelines for use in standards
    ISO/IEC 12207:2008 Systems and software engineering Software life cycle processes
    ISO/IEC 17799:2005 Information technology Security techniques Code of practice for information security management
    ISO 9001:2015 Quality management systems — Requirements
    ISO/IEC Guide 2:2004 Standardization and related activities General vocabulary
    ISO/IEC 15504-1:2004 Information technology Process assessment Part 1: Concepts and vocabulary
    ISO/IEC 11770-1:2010 Information technology Security techniques Key management Part 1: Framework
    ISO 9000-3:1997 Quality management and quality assurance standards Part 3: Guidelines for the application of ISO 9001:1994 to the development, supply, installation and maintenance of computer software