Considering the Case for Security Content in CMMI for Services
As use of the CMMI-SVC model grows, we frequently hear from users who would prefer, as they say, that we had simply “given us a PA or two on security,” rather than asking them to look outside the model. This is not an issue for those users already combining CMMI-SVC and ITIL or ISO or RMM, but is more acute for those using CMMI-SVC alone and wanting to include security in their improvement program. We often and increasingly hear a request from users for CMMI model content more directly on security, especially for CMMI-SVC.
Considering the Case for Security Content in CMMI for Services was published first in 2010 to respond to this request. The content of the document can be helpful to any service organizations that want to include security concerns in their CMMI for Services adoption.