SAMMY works best on screens 1024px wide or larger.
NIST SSDF
Browse NIST SSDF
PS.3.1: Secure Software Archive Storage PS.3.2: Provenance Data Safeguarding and Sharing
Provenance Data Safeguarding and Sharing
PS.3.2: Collect, safeguard, maintain, and share provenance data for all components of each software release (e.g., in a software bill of materials [SBOM]).
  • Example 1: Make the provenance data available to software acquirers in accordance with the organization’s policies, preferably using standards-based formats.
  • Example 2: Make the provenance data available to the organization’s operations and response teams to aid them in mitigating software vulnerabilities.
  • Example 3: Protect the integrity of provenance data, and provide a way for recipients to verify provenance data integrity.
  • Example 4: Update the provenance data every time any of the software’s components are updated.
CMMI Maturity
Not Applicable - Not applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.
Description

Collect, safeguard, maintain, and share provenance data for all components of each software release (e.g., in a software bill of materials [SBOM]).