Remarks from the Panel Chair
Mary D. Schanken,
National Security Agency
schanken@romulus.ncsc.mil
You may know that the Systems Security Engineering Capability Maturity Model (SSE-CMM) Project has completed its work. Approximately fifty companies and more than twenty different government organizations have been active in the work of the Project during its nearly five-year history of SSE-CMM model development and validation. In particular, the National Security Agency, (NSA) National Institute of Standards and Technology, and the Office of the Secretary of Defense in the United States and the Communications Security Establishment in Canada provided sponsorship and facilitization funding for this joint industry/government effort.
NSA would like to take this opportunity to thank all of those that have participated and supported the development of the Systems Security Engineering Capability Maturity Model and Appraisal Method to Version 2.0. We are proud of the noteworthy accomplishments that have been achieved by this group. Good security engineering practices have been documented and promulgated throughout the security engineering community.
NSA plans to expand our own applications for the SSE-CMM, and to devote our energies and investments to the execution of plans and ideas that take advantage of the existing work of the SSE-CMM Project. We have already begun to implement some of our early plans, particularly for new Department of Defense (DoD) security initiatives. Agencies and departments outside DoD have also used the SSE-CMM to help build model information security programs.
NSA will be applying the Model and its principles in-house and will continue to advocate the best practices. Not only has NSA been able to capitalize on its investment, but the DoD has also greatly benefited from this effort. We are excited about the community acceptance of the INFOSEC Assessment interpretation of the SSE CMM and will continue to work toward greater participation with both service providers and customers for advancing INFOSEC Assessments through the National Information Assurance Partnership. Our first speaker, Chuck Menk from NSA will be addressing these efforts. Other Government efforts have also successfully parlayed the expertise gained from the SSE-CMM into model security programs. Jim Craft from USAID will share his experience implementing the SSE-CMM.