
ISSUED: Revision expected 2005 Pages: ~117
DISPOSITION: License
SCOPE & PURPOSE: This standard describes a method and framework for constructing a Project process that assures the quality and completeness of information needed to produce a secure, quality product.
68 Project Life Cycle activities are defined in a workbench model, including their recommended inputs and the output destinations. Descriptions for how to transform inputs to produce quality information are included for each activity. Approximately 110 processes and sub-processes are identified. This standard is organized by process in the following manner: project management, pre-development, development, post-development, and supporting processes (verification and validation, configuration management, and documentation and training).
The appendix provides tailoring templates for common process activities, such as ground-up product development, revisions and integrations. The standard accommodates any style of project management and development, addresses any part of the Project Life Cycle and can be used with any SDLC model.
USER: This standard is for all software engineers and managers responsible for software development and maintenance and for security practitioners interested in guiding and controlling how security is integrated into the SDLC.
SECURITY: This standard supports a "Defense in Depth" approach and includes specific activities describing when and how to address security issues in the software life cycle. Security management guidance is derived from and consistent with ISO/IEC 17799 Code of Practice for Security Management. This standard also integrates guidance and assets from ISO/IEC 15408 Common Criteria.
ISSUING ORGANIZATION: Institute of Electrical and Electronics Engineers (IEEE)
ORIGINATING COMMITTEE OR BODY: Software Engineering Standards Committee; IEEE Computer Society
CATEGORY: General Engineering Standard