Documenting the use of auxiliary security content in SCAMPI appraisals
In response to requests for CMMI model content that addresses security concerns, CMMI Institute and some of our partners have developed five auxiliary process areas that can be used in concert with the official model content to enrich the security efforts of organizations using CMMI for Development and CMMI for Services.
The process areas are defined in two technical papers:
"Considering the Case for Security Content in CMMI for Services" includes the Security Management process area. (This process area was developed with CMMI for Services in mind; however, because it is a management process, it can be used with success in development and acquisition environments as well.)
"Security by Design for CMMI for Development" includes four additional process areas: Organizational Preparedness for Secure Development, Security Management in Projects, Security Requirements and Technical Solution, and Security Verification and Validation.
Organizations that use the security process areas along with CMMI for Development or CMMI for Services and would like to include a record of their use in a SCAMPI appraisal can do so using the method outlined in this document.
This document is intended to be used as a reference tool for Lead Appraisers and Appraisal Team Members, and is not an official extension of the SCAMPI MDD V1.3a.