ISO/IEC 21827:2008 Preview

Information technology -- Security techniques -- Systems Security Engineering -- Capability Maturity Model® (SSE-CMM®)

The electronic version of this International Standard can be downloaded from the ISO/IEC Information Technology Task Force (ITTF) web site

ISO/IEC 21827:2008 specifies the Systems Security Engineering - Capability Maturity Model® (SSE-CMM®), which describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. ISO/IEC 21827:2008 does not prescribe a particular process or sequence, but captures practices generally observed in industry. The model is a standard metric for security engineering practices covering the following:

  • the entire life cycle, including development, operation, maintenance and decommissioning activities;
  • the whole organization, including management, organizational and engineering activities;
  • concurrent interactions with other disciplines, such as system, software, hardware, human factors and test engineering; system management, operation and maintenance;
  • interactions with other organizations, including acquisition, system management, certification, accreditation and evaluation.

The objective is to facilitate an increase of maturity of the security engineering processes within the organization. The SSE-CMM® is related to other CMMs which focus on different engineering disciplines and topic areas and can be used in combination or conjunction with them.


General information

  • Status :  Published
    Publication date : 2008-10
  • Edition : 2
    Number of pages : 144
  • :
    ISO/IEC JTC 1/SC 27
    IT Security techniques
  • 35.030
    IT Security

Buy this standard

Format Language
Paper
  • CHF198

Got a question?

Check out our FAQs

Customer care
+41 22 749 08 88

Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)

Keep up to date with ISO

Sign up to our newsletter for the latest news, views and product information

 Subscribe