Originally designed as a management tool for OWASP SAMM, SAMMY has rapidly evolved into a comprehensive platform that can support your organization’s entire secure software development and application security management program. Whether you’re focused on security frameworks like ISO 27001 and OWASP SAMM, or broader quality management systems such as ISO 9001, SAMMY is built to adapt.
Our platform offers extensive support for a variety of models, allowing you to seamlessly manage compliance, security, and maturity standards in one place. Plus, SAMMY goes a step further by providing mappings between different frameworks, helping you navigate the complex landscape of regulations with ease.

Frameworks

Here are just a few of the frameworks we currently support:

• OWASP SAMM
• NIST SP 800-34
• NIST Secure Software Development Framework (NIST SSDF)
• NIST Cybersecurity Framework (NIST CSF 2.0) *
• CCB CyberFundamentals Framework
• NIST 800-53 *
• DevSecOps Maturity Model (DSOMM)
• ISO 27001:2022 *
• IEC 62443-4-1 *
• Building Security in Maturity Model (BSIMM) 14

^{* Some of these may be only supported in the licensed versions}
A mapping between these frameworks is readily available through an open source OWASP project, namely OpenCRE. More mappings are also available, but only in the licensed versions.

In a nutshell

All the quality frameworks eventually boil down to a set of basic use-cases that SAMMY supports out-of-the box:

• Evaluate the current situation and create a baseline
• Figure out the improvement roadmap whether it is compliance- or quality-first
• Work the improvement plan
• Re-assess