The System Security Engineering Capability Maturity Model (SSE-CMM) [461, 462, 591, 985] is a process-oriented methodology for developing secure systems, based on the Systems Engineering Capability Maturity Model (SE-CMM). The SSE-CMM was developed by a team of security experts from the U.S. government and industry to advance security engineering as a defined, mature, and measurable discipline. It helps engineering organizations define practices and processes and focus their improvement efforts. The SSE-CMM became ISO/IEC Standard 21827 in 2002.
Taking a very abstract view, there is a similarity between evaluating processes with a capability model and evaluating security functionality with an assurance model. Capability models define requirements for processes, whereas methodologies such as the CC and its predecessors define requirements for security functionality. Capability models assess how mature a process is, whereas CC-style methodologies evaluate how much assurance is provided for the functionality. The SSE-CMM provides maturity levels, whereas the other methodologies provide levels of trust. In each case there are specific requirements for the process or functionality, and different levels of maturity or trust that can be applied to each.
The SSE-CMM can be used to assess the capabilities of security engineering processes and provide guidance in designing and improving them, thereby improving an organization's security engineering capability. The SSE-CMM provides an evaluation technique for an organization's security engineering. Applying the SSE-CMM can support assurance evidence and increase confidence in the trustworthiness of a product or system.
The SSE-CMM is organized into processes and maturity levels. Generally speaking, the processes define what needs to be accomplished by the security engineering process and the maturity levels categorize how well the process accomplishes its goals.
Definition 21–8. A process capability is the range of expected results that can be achieved by following the process. It is a predictor of future project outcomes.
Definition 21–9. Process performance is a measure of the actual results achieved.
Definition 21–10. Process maturity is the extent to which a process is explicitly defined, managed, measured, controlled, and effective.
The SSE-CMM contains 11 process areas.
Administer Security Controls
Assess Impact
Assess Security Risk
Assess Threat
Assess Vulnerability
Build Assurance Argument
Coordinate Security
Monitor System Security Posture
Provide Security Input
Specify Security Needs
Verify and Validate Security
The definition of each process area contains a goal for the process area and a set of base processes that support the process area. The SSE-CMM defines more than 60 base processes within the 11 process areas.
EXAMPLE: The definition of the Assess Threat process area contains the goal that threats to the security of the system be identified and characterized. The base processes are
Eleven additional process areas related to project and organizational practices adapted from the SE-CMM are
Ensure Quality
Manage Configuration
Manage Project Risk
Monitor and Control Technical Effort
Plan Technical Effort
Define Organization's Systems Engineering Process
Improve Organization's Systems Engineering Process
Manage Product Line Evolution
Manage Systems Engineering Support Environment
Provide Ongoing Skills and Knowledge
Coordinate with Suppliers
The five Capability Maturity Levels that represent increasing process maturity are as follows.
Performed Informally. Base processes are performed.
Planned and Tracked. Project-level definition, planning, and performance verification issues are addressed.
Well-Defined. The focus is on defining and refining a standard practice and coordinating it across the organization.
Quantitatively Controlled. This level focuses on establishing measurable quality goals and objectively managing their performance.
Continuously Improving. At this level, organizational capability and process effectiveness are improved.
Application of the SSE-CMM is a straightforward analysis of existing processes to determine which base processes have been met and the maturity levels they have achieved. The same process can help an organization determine which security engineering processes they may need but do not currently have in practice.
This is accomplished using the base processes and capability maturity levels outlined in the preceding section. One starts with a process area, identifying the goals and base processes that the SSE-CMM defines for it. If all the base processes within the process area are present, the next step is to determine how mature each base process is by assessing it against the Capability Maturity Levels. Such an analysis is not simple and may involve interviews with the engineers who actually use the process. The analysis culminates in the identification of the current maturity level of each base process in the process area.
The analysis continues in this way for each process area. Base processes within an area may have differing levels of maturity; the maturity level of the process area is the lowest level among its base processes. A useful way of presenting the result of a complete SSE-CMM analysis is a Rating Profile, a tabular representation of process areas versus maturity levels. An example of such a profile is provided in Figure 21-1. In a similar fashion, process area rating profiles can show the ratings of the individual base processes within a process area.
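The assessment procedure just described (check that every base process of an area is present, rate each base process against the five levels, take the lowest level as the area's level, and lay the results out as a Rating Profile) can be carried out mechanically once the per-base-process ratings are in hand. The following is an added example, not part of the SSE-CMM or of this text: the base process identifiers (BP-1, BP-2, ...), the assessed levels, and the "Not Performed" label used for an area whose base processes are not all present are constructed for illustration.

```python
"""Rating Profile computation for an SSE-CMM-style assessment.

Added example, not part of the SSE-CMM or the text it illustrates.
Base process identifiers and assessed levels are constructed.
"""
from typing import Dict, List, Optional

# Capability Maturity Levels from the text. Level 0 is an assumed label for a
# process area that cannot be rated because not all of its base processes are present.
LEVELS = {
    0: "Not Performed",
    1: "Performed Informally",
    2: "Planned and Tracked",
    3: "Well-Defined",
    4: "Quantitatively Controlled",
    5: "Continuously Improving",
}

# base process -> assessed level, or None if the organization does not practise it
BaseRatings = Dict[str, Optional[int]]


def missing_base_processes(base_ratings: BaseRatings) -> List[str]:
    """Base processes the model defines for the area but the organization lacks.

    This is the gap list the text refers to: processes an organization may need
    but does not currently have in practice.
    """
    return sorted(name for name, level in base_ratings.items() if level is None)


def rate_process_area(base_ratings: BaseRatings) -> int:
    """Capability level of one process area.

    Rule from the text: maturity is assessed only once every base process in the
    area is present, and the area's level is the lowest level among its base
    processes. An area with a missing base process gets level 0 (assumption).
    """
    if not base_ratings:
        raise ValueError("a process area must define at least one base process")
    if missing_base_processes(base_ratings):
        return 0
    for name, level in base_ratings.items():
        if level not in LEVELS or level == 0:
            raise ValueError(f"{name}: {level!r} is not a valid capability level 1-5")
    return min(base_ratings.values())  # no None values remain at this point


def rating_profile(assessment: Dict[str, BaseRatings]) -> Dict[str, int]:
    """Process area -> capability level: the data behind a Rating Profile table."""
    return {area: rate_process_area(bps) for area, bps in assessment.items()}


def format_profile(profile: Dict[str, int]) -> str:
    """Render the Rating Profile as a process-area-versus-level table (X marks the level achieved)."""
    width = max([len("Process area")] + [len(a) for a in profile]) + 2
    lines = ["Process area".ljust(width) + "  ".join(f"L{l}" for l in range(1, 6))]
    for area, level in profile.items():
        cells = ["X " if level == l else ". " for l in range(1, 6)]
        lines.append(area.ljust(width) + "  ".join(cells))
    return "\n".join(lines)


# Constructed assessment: three of the eleven security process areas, each with
# hypothetical base process identifiers and made-up ratings.
SAMPLE_ASSESSMENT: Dict[str, BaseRatings] = {
    "Assess Threat": {"BP-1": 3, "BP-2": 2, "BP-3": 3},
    "Assess Vulnerability": {"BP-1": 1, "BP-2": None},  # BP-2 not practised
    "Monitor System Security Posture": {"BP-1": 4, "BP-2": 4},
}

if __name__ == "__main__":
    profile = rating_profile(SAMPLE_ASSESSMENT)
    print(format_profile(profile))
    for area, bps in SAMPLE_ASSESSMENT.items():
        gaps = missing_base_processes(bps)
        if gaps:
            print(f"{area}: {LEVELS[0]}, missing base processes {gaps}")
```

In the constructed sample, Assess Threat is rated Planned and Tracked because its weakest base process is at level 2 even though the others reach level 3; Assess Vulnerability is not rated at all because one of its base processes is absent, which is exactly the case where the assessment turns into a gap analysis rather than a maturity rating.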
