SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIST SSDF
Browse NIST SSDF
PO.3.1: Tool Selection
PO.3.2: Tool Best Practices
PO.3.3: Tool Configuration to Generate Artifacts
Tool Selection
PO.3.1: Specify which tools or tool types must or should be included in each toolchain to mitigate identified risks, as well as how the toolchain components are to be integrated with each other.
  • Example 1: Define categories of toolchains, and specify the mandatory tools or tool types to be used for each category.
  • Example 2: Identify security tools to integrate into the developer toolchain.
  • Example 3: Define what information is to be passed between tools and what data formats are to be used.
  • Example 4: Evaluate tools’ signing capabilities to create immutable records/logs for auditability within the toolchain.
  • Example 5: Use automated technology for toolchain management and orchestration.
CMMI Maturity
Not Applicable - Not applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.
Description

Specify which tools or tool types must or should be included in each toolchain to mitigate identified risks, as well as how the toolchain components are to be integrated with each other.