ISO/IEC 21827:2008 信息技术 安全技术 系统安全工程 能力成熟度模型（SSE-CMM）

标准编号：ISO/IEC 21827:2008

中文名称：信息技术 安全技术 系统安全工程 能力成熟度模型（SSE-CMM）

英文名称：Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®)

发布日期：2008-10

标准范围

ISO/IEC 21827:2008规定了系统安全工程能力成熟度模型？（SSE-CMM？），它描述了为确保良好的安全工程而必须存在的组织安全工程过程的基本特征。ISO/IEC 21827:2008没有规定特定的过程或顺序，但捕捉了工业中普遍观察到的实践。该模型是安全工程实践的标准度量，涵盖以下内容:整个生命周期，包括开发、运营、维护和退役活动；整个组织，包括管理、组织和工程活动；与其他学科的并行交互，如系统、软件、硬件、人为因素和测试工程；系统管理、运维；与其他组织的互动，包括采购、系统管理、认证、认可和评估。目标是促进组织内安全工程流程的成熟度提高。SSE-CMM？与专注于不同工程学科和主题领域的其他坐标测量机相关，可以与它们组合使用。

ISO/IEC 21827:2008 specifies the Systems Security Engineering - Capability Maturity Model？ (SSE-CMM？), which describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. ISO/IEC 21827:2008 does not prescribe a particular process or sequence, but captures practices generally observed in industry. The model is a standard metric for security engineering practices covering the following:

• the entire life cycle, including development, operation, maintenance and decommissioning activities;


• the whole organization, including management, organizational and engineering activities;


• concurrent interactions with other disciplines, such as system, software, hardware, human factors and test engineering; system management, operation and maintenance;


• interactions with other organizations, including acquisition, system management, certification, accreditation and evaluation.

The objective is to facilitate an increase of maturity of the security engineering processes within the organization. The SSE-CMM？ is related to other CMMs which focus on different engineering disciplines and topic areas and can be used in combination or conjunction with them.

标准预览图