SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIST SSDF
Browse NIST SSDF
PO.1.1: Requirements for Infrastructures
PO.1.2: Requirements for Software
PO.1.3: Third Party Requirements Communication
Requirements for Infrastructures
PO.1.1: Identify and document all security requirements for the organization’s software development infrastructures and processes, and maintain the requirements over time.
  • Example 1: Define policies for securing software development infrastructures and their components, including development endpoints, throughout the SDLC and maintaining that security.
  • Example 2: Define policies for securing software development processes throughout the SDLC and maintaining that security, including for open-source and other third-party software components utilized by software being developed.
  • Example 3: Review and update security requirements at least annually, or sooner if there are new requirements from internal or external sources, or a major security incident targeting software development infrastructure has occurred.
  • Example 4: Educate affected individuals on impending changes to requirements.
CMMI Maturity
Not Applicable - Not applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.
Description

Identify and document all security requirements for the organization’s software development infrastructures and processes, and maintain the requirements over time.