The Systems Security Engineering Capability Maturity Model (SSE-CMM) is the framework that describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering. The SSE-CMM provides a standard metric for security engineering practices, covering the entire lifecycle of development, operation, maintenance, and decommissioning activities. It also includes management, organizational, and engineering activities, as well as interactions with other disciplines and organizations1.

References: The ISO/IEC 21827:2008 standard specifies the SSE-CMM and outlines its role in defining the essential characteristics of an organization’s security engineering process1. This standard is recognized and used as a reference for good security engineering practices within the industry.