SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIST SSDF
Browse NIST SSDF
PO.2.1: Roles and Responsibilities
PO.2.2: Role-based Training
PO.2.3: Management Commitment
Roles and Responsibilities
PO.2.1: Create new roles and alter responsibilities for existing roles as needed to encompass all parts of the SDLC. Periodically review and maintain the defined roles and responsibilities, updating them as needed.
  • Example 1: Define SDLC-related roles and responsibilities for all members of the software development team.
  • Example 2: Integrate the security roles into the software development team.
  • Example 3: Define roles and responsibilities for cybersecurity staff, security champions, project managers and leads, senior management, software developers, software testers, software assurance leads and staff, product owners, operations and platform engineers, and others involved in the SDLC.
  • Example 4: Conduct an annual review of all roles and responsibilities.
  • Example 5: Educate affected individuals on impending changes to roles and responsibilities, and confirm that the individuals understand the changes and agree to follow them.
  • Example 6: Implement and use tools and processes to promote communication and engagement among individuals with SDLC-related roles and responsibilities, such as creating messaging channels for team discussions.
  • Example 7: Designate a group of individuals or a team as the code owner for each project.
CMMI Maturity
Not Applicable - Not applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.
Description

Create new roles and alter responsibilities for existing roles as needed to encompass all parts of the SDLC. Periodically review and maintain the defined roles and responsibilities, updating them as needed.