GB/T 20261-2020 Information security technology—System security engineering—Capability maturity model
Basic Information
Scope
This standard provides the System Security Engineering Capability Maturity Model (hereinafter referred to as SSE-CMM), a process reference model that focuses on the requirements for achieving security for a system or several related systems in the field of information technology security (ITS). Within the ITS field, SSE-CMM focuses on the processes used to implement ITS, and especially on the maturity of these processes. SSE-CMM does not aim to prescribe the specific processes an organization uses, nor does it involve specific methods. Instead, it expects organizations preparing to use SSE-CMM to make use of their existing processes, that is, those based on any other information technology security guidance documents.
This standard defines SSE-CMM as a model used specifically to improve and evaluate security engineering capabilities. Security engineering activities cannot be carried out independently of other engineering disciplines. On the contrary, SSE-CMM takes the view that security permeates all engineering disciplines (such as systems, software, and hardware), and it addresses such concerns by defining model components, thereby promoting the integration of these disciplines. The common characteristic "Coordinating Security Practices" acknowledges the need to integrate security with all disciplines and groups involved in a project or co-located within an organization. Similarly, the process domain "Coordinating Security" defines the objectives and mechanisms used to coordinate security engineering activities.