Home
Browse frameworks
Contact us
SAMMY premium
Login
SAMMY UI is optimized for resolutions with a width 1024px and higher.
DSOMM
Browse DSOMM
SAMM
OpenSAMM1.5
Cybersecurity Fundamentals
NIST CSF 2.0
NIST SSDF
NIST 800-34
DSOMM
BSIMM 14
ISO 27001:2022 CMMI
CIS Critical Security Controls
Build and Deployment
Build
Deployment
Patch Management
Culture and Organization
Design
Education and Guidance
Process
Implementation
Application Hardening
Development and Source Code Control
Infrastructure Hardening
Information Gathering
Logging
Monitoring
Test and Verification
Test KPI
Application Tests
Consolidation
Dynamic Depth For Applications
Dynamic Depth For Infrastructure
Static Depth for Applications
Static Depth for Infrastructure
Test Intensity
T-SA-2-2: Software Composition Analysis (server side)
T-SA-2-3: Test for Time to Patch
T-SA-2-4: Test libyear
T-SA-3-1: Local development security checks performed
T-SA-3-2: Software Composition Analysis (client side)
T-SA-3-3: Static analysis for important client side components
T-SA-3-4: Static analysis for important server side components
T-SA-3-5: Test for Patch Deployment Time
T-SA-3-6: API design validation
T-SA-3-7: Exploit likelihood estimation
T-SA-4-1: Static analysis for all self written components
T-SA-4-2: Usage of multiple analyzers
T-SA-5-1: Dead code elimination
T-SA-5-2: Exclusion of source code duplicates
T-SA-5-3: Static analysis for all components/libraries
T-SA-5-4: Stylistic analysis
Test for Patch Deployment Time
T-SA-3-5: Test for Patch Deployment Time
Test of the Patch Deployment Time. This activity is not repeated in the Sub-Dimension "Static depth for infrastructure", but it applies to infrastructure as well.
Not implemented
Partially implemented
Half implemented
Fully implemented