Security Checks Criteria Definition
PO.4.1: Define criteria for software security checks and track throughout the SDLC.
  • Example 1: Ensure that the criteria adequately indicate how effectively security risk is being managed.
  • Example 2: Define key performance indicators (KPIs), key risk indicators (KRIs), vulnerability severity scores, and other measures for software security.
  • Example 3: Add software security criteria to existing checks (e.g., the Definition of Done in agile SDLC methodologies).
  • Example 4: Review the artifacts generated as part of the software development workflow system to determine if they meet the criteria.
  • Example 5: Record security check approvals, rejections, and exception requests as part of the workflow and tracking system.
  • Example 6: Analyze collected data in the context of the security successes and failures of each development project, and use the results to improve the SDLC.
CMMI Maturity
Not Applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.