ISO/IEC 21827:2008

ISO/IEC 21827:2008 specifies the Systems Security Engineering - Capability Maturity Model® (SSE-CMM®), which describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. ISO/IEC 21827:2008 does not prescribe a particular process or sequence, but captures practices generally observed in industry. The model is a standard metric for security engineering practices covering the following:

  • the entire life cycle, including development, operation, maintenance and decommissioning activities;
  • the whole organization, including management, organizational and engineering activities;
  • concurrent interactions with other disciplines, such as system, software, hardware, human factors and test engineering; system management, operation and maintenance;
  • interactions with other organizations, including acquisition, system management, certification, accreditation and evaluation.

Eurotech performs evaluations against ISO /IEC 21827:2008