SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIST SSDF
Browse NIST SSDF
PO.3.1 PO.3.2 PO.3.3
Tool Configuration to Generate Artifacts
PO.3.3: Configure tools to generate artifacts of their support of secure software development practices as defined by the organization.
  • Example 1: Use existing tooling (e.g., workflow tracking, issue tracking, value stream mapping) to create an audit trail of the secure development-related actions that are performed for continuous improvement purposes.
  • Example 2: Determine how often the collected information should be audited, and implement the necessary processes.
  • Example 3: Establish and enforce security and retention policies for artifact data.
  • Example 4: Assign responsibility for creating any needed artifacts that tools cannot generate.
CMMI Maturity
Not Applicable - Not applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.
Description

Configure tools to generate artifacts of their support of secure software development practices as defined by the organization.