ebook img

The SSE-CMM Appraisal Method PDF

226 Pages·1999·0.69 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview The SSE-CMM Appraisal Method

Capability M aturity M odel Appraisal Method Version 2.0 April 16, 1999 (cid:1)(cid:2)(cid:3)(cid:4)(cid:5)(cid:6)(cid:3)(cid:7)(cid:1)(cid:5)(cid:8)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:12)(cid:13)(cid:14)(cid:11)(cid:13)(cid:5)(cid:5)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)(cid:15)(cid:16)(cid:17)(cid:16)(cid:18)(cid:11)(cid:19)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:16)(cid:4)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:21)(cid:22)(cid:5)(cid:19)(cid:7)(cid:23)(cid:17)(cid:17)(cid:10)(cid:16)(cid:11)(cid:3)(cid:16)(cid:19)(cid:7)(cid:20)(cid:5)(cid:4)(cid:24)(cid:21)(cid:22)(cid:7)(cid:25)(cid:26)(cid:27)(cid:28) Systems Security Engineering Capability Maturity Model (SSE-CMM) Appraisal Method – Version 2.0 Copyright © 1999 Systems Security Engineering Capability Maturity Model (SSE-CMM) Project Permission to reproduce this product and to prepare derivative works from this product is granted royalty-free, provided the copyright is included with all reproductions and derivative works. This document includes excerpts from “A Systems Engineering Capability Maturity Model, Version 1.1,” CMU/SEI-95-MM-003, published in November 1995. The Systems Engineering CMM is “Copyright © 1995 by Carnegie Mellon University. This work is a collaborative effort of Hughes Space and Communications, Hughes Telecommunications and Space, Lockheed Martin, Software Engineering Institute, Software Productivity Consortium, and Texas Instruments Incorporated. Permission to reproduce this product and to prepare derivative works from this product is granted royalty-free, provided the copyright is included with all reproductions and derivative works.” (cid:29)(cid:7)(cid:11)(cid:7)(cid:29) (cid:1)(cid:2)(cid:3)(cid:4)(cid:5)(cid:6)(cid:3)(cid:7)(cid:1)(cid:5)(cid:8)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:12)(cid:13)(cid:14)(cid:11)(cid:13)(cid:5)(cid:5)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)(cid:15)(cid:16)(cid:17)(cid:16)(cid:18)(cid:11)(cid:19)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:16)(cid:4)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:21)(cid:22)(cid:5)(cid:19)(cid:7)(cid:23)(cid:17)(cid:17)(cid:10)(cid:16)(cid:11)(cid:3)(cid:16)(cid:19)(cid:7)(cid:20)(cid:5)(cid:4)(cid:24)(cid:21)(cid:22)(cid:7)(cid:25)(cid:26)(cid:27)(cid:28) (cid:30)(cid:16)(cid:18)(cid:19)(cid:5)(cid:7)(cid:21)(cid:31)(cid:7)(cid:15)(cid:21)(cid:13)(cid:4)(cid:5)(cid:13)(cid:4)(cid:3) TABLE OF CONTENTS..............................................................................................................II ACKNOWLEDGEMENTS..........................................................................................................V TO THE READER......................................................................................................................XI CHAPTER 1 INTRODUCTION TO THE SSE-CMM APPRAISAL METHOD (SSAM)..1 1.1 DOCUMENT OVERVIEW........................................................................................................1 1.2 SSAM OVERVIEW................................................................................................................1 1.3 APPRAISAL PARTICIPANT ROLES AND DESCRIPTIONS.........................................................2 1.4 APPRAISAL TYPES................................................................................................................6 CHAPTER 2APPRAISAL METHOD PHASES.........................................................................8 2.1 PLANNING.............................................................................................................................9 2.1.1 Scope Appraisal..........................................................................................................11 2.1.2 Collect Preliminary Evidence....................................................................................14 2.1.3 Plan Appraisal...........................................................................................................16 2.2 PREPARATION.....................................................................................................................20 2.2.1 Prepare Appraisal Team............................................................................................22 2.2.2 Administer Questionnaire..........................................................................................25 2.2.3 Consolidate Evidence.................................................................................................27 2.2.4 Analyze Evidence/Questionnaire................................................................................29 2.3 ON-SITE..............................................................................................................................31 2.3.1 Conduct Executive Meeting........................................................................................34 2.3.2 Conduct Opening Meeting.........................................................................................36 2.3.3 Interview Project Leads.............................................................................................38 2.3.4 Consolidate & Interpret Data from Project Leads....................................................40 2.3.5 Interview Practitioners...............................................................................................42 2.3.6 Consolidate Data from Practitioners.........................................................................44 2.3.7 Analyze Data Tracking Sheet.....................................................................................46 2.3.8 Develop Preliminary Findings...................................................................................48 2.3.9 Follow-Up Questions and Interviews.........................................................................50 2.3.10 Develop Rating.......................................................................................................52 2.3.11 Develop Final Findings..........................................................................................54 2.3.12 Manage Appraisal Records....................................................................................56 2.3.13 Conduct Wrap-Up..................................................................................................58 2.4 REPORTING PHASE.............................................................................................................59 2.4.1 Develop Final Report.................................................................................................61 2.4.2 Report Appraisal Outcomes to Sponsor.....................................................................63 2.4.3 Manage Appraisal Artifacts.......................................................................................65 2.4.4 Report Lessons Learned.............................................................................................66 CHAPTER 3 SPONSOR ORGANIZATION GUIDANCE...................................................69 3.1 INTRODUCTION...................................................................................................................69 3.2 ESTABLISHING APPRAISAL GOALS.....................................................................................69 3.3 CHOOSING AN APPRAISER ORGANIZATION........................................................................71 3.4 TAILORABLE PARAMETERS................................................................................................71 3.4.1 Process Areas [PAs]..................................................................................................71 3.4.2 Target Capability Level..............................................................................................71 3.4.3 Questionnaire.............................................................................................................71 3.4.4 Projects......................................................................................................................72 (cid:29)(cid:7)(cid:11)(cid:11)(cid:7)(cid:29) (cid:1)(cid:2)(cid:3)(cid:4)(cid:5)(cid:6)(cid:3)(cid:7)(cid:1)(cid:5)(cid:8)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:12)(cid:13)(cid:14)(cid:11)(cid:13)(cid:5)(cid:5)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)(cid:15)(cid:16)(cid:17)(cid:16)(cid:18)(cid:11)(cid:19)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:16)(cid:4)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:21)(cid:22)(cid:5)(cid:19)(cid:7)(cid:23)(cid:17)(cid:17)(cid:10)(cid:16)(cid:11)(cid:3)(cid:16)(cid:19)(cid:7)(cid:20)(cid:5)(cid:4)(cid:24)(cid:21)(cid:22)(cid:7)(cid:25)(cid:26)(cid:27)(cid:28) 3.4.5 Interviewees................................................................................................................72 3.4.6 Reporting Method.......................................................................................................72 3.4.7 Evidence.....................................................................................................................73 3.4.8 Relationship with Site Coordinator............................................................................73 CHAPTER 4 APPRAISER ORGANIZATION GUIDELINES............................................75 4.1 INTRODUCTION...................................................................................................................75 4.2 PLANNING PHASE GUIDANCE.............................................................................................75 4.2.1 Defining the Appraisal Scope.....................................................................................75 4.2.2 Planning the Appraisal Specifics...............................................................................75 4.2.3 Selecting Appraisal Team Members...........................................................................75 4.3 PREPARATION PHASE GUIDANCE.......................................................................................76 4.3.1 Selecting Appropriate Questionnaire Recipients.......................................................76 4.3.2 Analyze Questionnaire...............................................................................................77 4.3.3 Exploratory questions................................................................................................78 4.3.4 Types of Evidence.......................................................................................................79 4.3.5 Collecting Evidence....................................................................................................79 4.3.6 Analyzing Evidence....................................................................................................79 4.3.7 Handling Evidence.....................................................................................................80 4.4 ON-SITE PHASE GUIDANCE................................................................................................80 4.4.1 Conducting Meetings..................................................................................................80 4.4.2 Managing Appraisal Records.....................................................................................80 4.4.3 Conducting Wrap-Up.................................................................................................81 4.4.4 Developing the Rating Profile....................................................................................81 4.4.5 Rating presentation formats.......................................................................................81 4.4.6 Developing Findings..................................................................................................82 4.5 REPORTING PHASE GUIDANCE...........................................................................................84 4.5.1 Reporting on the Appraisal........................................................................................84 4.5.2 Managing Artifacts.....................................................................................................84 4.5.3 Utilizing Lessons Learned..........................................................................................84 APPENDIX A APPRAISAL PLAN.........................................................................................A.1 1PPENDIX B SCHEDULES...................................................................................................B.1 APPENDIX C APPRAISAL PLANNING CHECKLIST......................................................C-1 APPENDIX D QUESTIONNAIRE..........................................................................................D.1 PA01 ADMINISTER SECURITY CONTROLS.............................................................................D.2 PA02 ASSESS IMPACT............................................................................................................D.6 PA03 ASSESS SECURITY RISK..............................................................................................D.10 PA04 ASSESS THREAT.........................................................................................................D.14 PA05 ASSESS VULNERABILITY............................................................................................D.18 PA06 BUILD ASSURANCE ARGUMENT.................................................................................D.22 PA07 COORDINATE SECURITY.............................................................................................D.26 PA08 MONITOR SECURITY POSTURE...................................................................................D.30 PA09 PROVIDE SECURITY INPUT.........................................................................................D.34 PA10 SPECIFY SECURITY NEEDS.........................................................................................D.38 PA11 VERIFY AND VALIDATE SECURITY............................................................................D.42 PA12 ENSURE QUALITY.......................................................................................................D.46 PA13 MANAGE CONFIGURATIONS.......................................................................................D.50 PA14 MANAGE PROGRAM RISK...........................................................................................D.54 PA15 MONITOR AND CONTROL TECHNICAL EFFORT..........................................................D.58 PA16 PLAN TECHNICAL EFFORT..........................................................................................D.62 PA17 DEFINE ORGANIZATION’S SYSTEMS ENGINEERING PROCESSES...............................D.66 (cid:29)(cid:7)(cid:11)(cid:11)(cid:11)(cid:7)(cid:29) (cid:1)(cid:2)(cid:3)(cid:4)(cid:5)(cid:6)(cid:3)(cid:7)(cid:1)(cid:5)(cid:8)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:12)(cid:13)(cid:14)(cid:11)(cid:13)(cid:5)(cid:5)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)(cid:15)(cid:16)(cid:17)(cid:16)(cid:18)(cid:11)(cid:19)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:16)(cid:4)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:21)(cid:22)(cid:5)(cid:19)(cid:7)(cid:23)(cid:17)(cid:17)(cid:10)(cid:16)(cid:11)(cid:3)(cid:16)(cid:19)(cid:7)(cid:20)(cid:5)(cid:4)(cid:24)(cid:21)(cid:22)(cid:7)(cid:25)(cid:26)(cid:27)(cid:28) PA18 IMPROVE ORGANIZATION’S SYSTEM ENGINEERING PROCESSES...............................D.70 PA19 MANAGE PRODUCT LINE EVOLUTION........................................................................D.74 PA20 MANAGE SYSTEMS ENGINEERING SUPPORT ENVIRONMENT.....................................D.78 PA21 PROVIDE ONGOING SKILLS AND KNOWLEDGE..........................................................D.82 PA22 COORDINATE WITH SUPPLIERS...................................................................................D.86 APPENDIX E DATA TRACKING SHEET [DTS]................................................................E.1 APPENDIX F EVIDENCE TRACKING SHEET [ETS]......................................................F.4 APPENDIX G OPENING AND CLOSING BRIEFINGS.....................................................G.1 APPENDIX H REFERENCES...............................................................................................H.16 APPENDIX I REQUEST FOR COMMENTS.......................................................................I.1 (cid:29)(cid:7)(cid:11)(cid:25)(cid:7)(cid:29) (cid:1)(cid:2)(cid:3)(cid:4)(cid:5)(cid:6)(cid:3)(cid:7)(cid:1)(cid:5)(cid:8)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:12)(cid:13)(cid:14)(cid:11)(cid:13)(cid:5)(cid:5)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)(cid:15)(cid:16)(cid:17)(cid:16)(cid:18)(cid:11)(cid:19)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:16)(cid:4)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:21)(cid:22)(cid:5)(cid:19)(cid:7)(cid:23)(cid:17)(cid:17)(cid:10)(cid:16)(cid:11)(cid:3)(cid:16)(cid:19)(cid:7)(cid:20)(cid:5)(cid:4)(cid:24)(cid:21)(cid:22)(cid:7)(cid:25)(cid:26)(cid:27)(cid:28) (cid:23)(cid:8) (cid:13)(cid:21)!(cid:19)(cid:5)(cid:22)(cid:14)(cid:6)(cid:5)(cid:13)(cid:4)(cid:3) (cid:1)(cid:17)(cid:21)(cid:13)(cid:3)(cid:21)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)"(cid:10)(cid:14)(cid:16)(cid:13)(cid:11)#(cid:16)(cid:4)(cid:11)(cid:21)(cid:13)(cid:3) Organizations have sponsored the SSE-CMM Project through provision of technical support staff as well as the infrastructure for sustaining the continuing efforts. These organizations include National Security Agency, Office of the Secretary of Defense, and Communications Security Establishment (Canada). (cid:29)(cid:7)(cid:25)(cid:7)(cid:29) (cid:1)(cid:2)(cid:3)(cid:4)(cid:5)(cid:6)(cid:3)(cid:7)(cid:1)(cid:5)(cid:8)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:12)(cid:13)(cid:14)(cid:11)(cid:13)(cid:5)(cid:5)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)(cid:15)(cid:16)(cid:17)(cid:16)(cid:18)(cid:11)(cid:19)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:16)(cid:4)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:21)(cid:22)(cid:5)(cid:19)(cid:7)(cid:23)(cid:17)(cid:17)(cid:10)(cid:16)(cid:11)(cid:3)(cid:16)(cid:19)(cid:7)(cid:20)(cid:5)(cid:4)(cid:24)(cid:21)(cid:22)(cid:7)(cid:25)(cid:26)(cid:27)(cid:28) $(cid:16)(cid:10)(cid:4)(cid:11)(cid:8)(cid:11)(cid:17)(cid:16)(cid:4)(cid:11)(cid:13)(cid:14)(cid:7)"(cid:10)(cid:14)(cid:16)(cid:13)(cid:11)#(cid:16)(cid:4)(cid:11)(cid:21)(cid:13)(cid:3) The Systems Security Engineering Capability Maturity Model (SSE-CMM) is a community- owned model, and is a result of the dedicated work of many individuals. The following list acknowledges the efforts and support of those organizations that contributed to the effort through participation in Working Groups or as reviewers: Arca Systems, Inc. Mitretek Systems AverStar, Inc. Motorola BDM International, Inc. National Center for Supercomputing Booz-Allen & Hamilton, Inc. Applications Cisco Systems National Institute for Standards and Technology Communications Security Establishment National Security Agency (Canada) Naval Research Laboratory Computer Sciences Canada Navy Command, Control, Operations Support Computer Sciences Corporation Center Research, Development, Testing & Evaluation Division (NRaD) Critical Information Assurance Office Northrop Grumman Data Systems Analysts, Inc. Office of the Secretary of Defense Defense Information Systems Agency Okiok Data Domus Software Oracle Corporation E-Systems pragma Systems Corporation Electronic Data Systems Predicate Logic, Inc. Electronic Warfare Associates – Canada, Ltd. Rapid Systems Solutions, Inc. Fites and Associates San Antonio Air Logistics Center Fuentez Systems Concepts, Inc. Science Applications International Corporation G-J Consulting Signal 9 Solutions GRC International, Inc. Software Engineering Institute Harris Corporation SPARTA, Inc. Hughes Aircraft Stanford Telecom IIT Research Institute Systems Research & Applications Institute for Computer & Information Sciences Tax Modernization Institute Institute for Defense Analyses The Sachs Groups Internal Revenue Service tOmega Engineering ITT Aerospace Trusted Information Systems JOTA System Security Consultants, Inc. TRW Lockheed Martin Management and Data Unisys Government Systems Systems United States Agency for International Lockheed Martin Mission Systems Development (USAID) Merdan Group, Inc. MITRE Corporation (cid:29)(cid:7)(cid:25)(cid:11)(cid:7)(cid:29) (cid:1)(cid:2)(cid:3)(cid:4)(cid:5)(cid:6)(cid:3)(cid:7)(cid:1)(cid:5)(cid:8)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:12)(cid:13)(cid:14)(cid:11)(cid:13)(cid:5)(cid:5)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)(cid:15)(cid:16)(cid:17)(cid:16)(cid:18)(cid:11)(cid:19)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:16)(cid:4)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:21)(cid:22)(cid:5)(cid:19)(cid:7)(cid:23)(cid:17)(cid:17)(cid:10)(cid:16)(cid:11)(cid:3)(cid:16)(cid:19)(cid:7)(cid:20)(cid:5)(cid:4)(cid:24)(cid:21)(cid:22)(cid:7)(cid:25)(cid:26)(cid:27)(cid:28) (cid:1)(cid:1)(cid:12)(cid:29)(cid:15)(cid:20)(cid:20)(cid:7)$(cid:10)(cid:21)%(cid:5)(cid:8)(cid:4)(cid:7)(cid:30)(cid:5)(cid:16)(cid:6)(cid:7)(cid:20)(cid:5)(cid:6)(cid:18)(cid:5)(cid:10)(cid:3) Since January 1995, the SSE-CMM Project team members have participated in the development of the SSE-CMM Model Description and Appraisal Method, and have promoted the adoption of the SSE-CMM. The following are members of the SSE-CMM Project team: Abzug, Charles Institute for Computer & Information Sciences Adams, John Trusted Information Systems Aldrich, Mark GRC International, Inc. Bacoyanis, Gus TRW Barrett, Claire Arca Systems, Inc. Bass, Frank tOmega Engineering Bratton, Vicky E-Systems Burke, Karen Lockheed Martin Management and Data Systems Campbell, Chris Motorola Govt. & Space Technology Group Cartier, Gene Systems Research & Applications Corp. Casimir, Michael National Security Agency Cheetham, Chris National Security Agency Childers, Susy Computer Sciences Corporation Cohen, Aaron JOTA System Security Consultants, Inc. Craft, Jim Systems Research & Applications Danner, Bonnie TRW Government Information Services Division Dawson, Bill BDM International, Inc. DeGrafft, Hart Sparta, Inc. DeMello, Jeff Oracle Corp. Diggs, Galina Predicate Logic, Inc. Emery, Patrick GRC International, Inc. Ferraiolo, Karen Arca Systems, Inc. Filsinger, Jarrellann Trusted Information Systems Fordham, Mal IIT Research Institute Fowler, Joan Data Systems Analysts, Inc. Gallagher, Lisa Arca Systems, Inc. Gambel, Dan Mitretek George, Bruce National Security Agency Gibson, Virgil Computer Sciences Corporation Gilmore, Linda Computer Sciences Corporation Gove, Ron SAIC Hart, Tom GRC International, Inc. Heaney, Jody MITRE Corporation Hefner, Rick TRW Henning, Ronda Harris Corporation Hopkinson, John Electronic Warfare Associates - Canada, Ltd. Hsiao, David GRC International, Inc. Jelen, George GJ Consulting Klein, Penny DISA/CISS (cid:29)(cid:7)(cid:25)(cid:11)(cid:11)(cid:7)(cid:29) (cid:1)(cid:2)(cid:3)(cid:4)(cid:5)(cid:6)(cid:3)(cid:7)(cid:1)(cid:5)(cid:8)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:12)(cid:13)(cid:14)(cid:11)(cid:13)(cid:5)(cid:5)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)(cid:15)(cid:16)(cid:17)(cid:16)(cid:18)(cid:11)(cid:19)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:16)(cid:4)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:21)(cid:22)(cid:5)(cid:19)(cid:7)(cid:23)(cid:17)(cid:17)(cid:10)(cid:16)(cid:11)(cid:3)(cid:16)(cid:19)(cid:7)(cid:20)(cid:5)(cid:4)(cid:24)(cid:21)(cid:22)(cid:7)(cid:25)(cid:26)(cid:27)(cid:28) Knode, Ron Computer Sciences Corporation Koepnick, Glenn San Antonio Air Logistics Center Landoll, Doug Arca Systems, Inc. Lorenz, Natalie Booz-Allen & Hamilton Menk, Chuck National Security Agency Monroe, Warren Hughes Aircraft Nickel, James ITT Niemeyer, Robert Stanford Telecom Obenza, Ray Software Engineering Institute Payne, Charles Secure Computing Corporation Pearson, Dallas National Security Agency Robbins, James Electronic Warfare Associates - Canada, Ltd. Rowe, Kenneth National Center for Supercomputing Applications Sachs, Joel The Sachs Groups Sacksteder, Julie Merdan Group, Inc. Schanken, Mary National Security Agency Schwartz, Robert TRW Shafer, Rob Systems Research & Applications Simmons, Marty Lockheed Martin Mission Systems Thompson, Victoria Arca Systems, Inc. Toth, Pat National Institute of Standards and Technology Wager, Gene CPSG/San Antonio Air Force Logistics Center Weaver, Gary Harris Corporation Weiss, Howard Sparta, Inc. West, Charles Science Applications International Corporation Wichers, Dave Arca Systems, Inc. Williams, Jeff Arca Systems, Inc. Wilson, William Arca Systems, Inc. Zola, Marty Rapid Systems Solutions, Inc. (cid:29)(cid:7)(cid:25)(cid:11)(cid:11)(cid:11)(cid:7)(cid:29) (cid:1)(cid:2)(cid:3)(cid:4)(cid:5)(cid:6)(cid:3)(cid:7)(cid:1)(cid:5)(cid:8)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:12)(cid:13)(cid:14)(cid:11)(cid:13)(cid:5)(cid:5)(cid:10)(cid:11)(cid:13)(cid:14)(cid:7)(cid:15)(cid:16)(cid:17)(cid:16)(cid:18)(cid:11)(cid:19)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:16)(cid:4)(cid:9)(cid:10)(cid:11)(cid:4)(cid:2)(cid:7)(cid:20)(cid:21)(cid:22)(cid:5)(cid:19)(cid:7)(cid:23)(cid:17)(cid:17)(cid:10)(cid:16)(cid:11)(cid:3)(cid:16)(cid:19)(cid:7)(cid:20)(cid:5)(cid:4)(cid:24)(cid:21)(cid:22)(cid:7)(cid:25)(cid:26)(cid:27)(cid:28) ’(cid:5)(cid:25)(cid:11)(cid:5)!(cid:5)(cid:10)(cid:3) Several expert reviewers commented on intermediate releases of SSE-CMM Project work products and participated in formal Project Reviews. Their comments and suggestions were important in ensuring the quality and validity of the model and the appraisal method. This group includes: R. Batie Northrop Grumman D. Busson Booz-Allen & Hamilton K. Cusick SECAT B. Danner TRW D. Evans Unisys Govt. Systems S. Garcia SEI L. Gates NRaD T. Havighurst NSA G. Miller BDM Federal W. Pearce TRW D. Preston IIT Research Institute B. Riski Hughes Information Technology Systems M. Shupack US Navy/SPAWAR G. Stephens GTE S. Welke IDA D. Werling BDM International (cid:29)(cid:7)(cid:11)&(cid:7)(cid:29)

Description:
Apr 16, 1999 Systems Security Engineering Appraisal Method – Version 2.0 Systems Security Engineering Capability Maturity Model (SSE-CMM) Project PA18 IMPROVE ORGANIZATION'S SYSTEM ENGINEERING PROCESSES.
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.