The National Security Agency has seen a need for a more appropriate information systems security assessment. While companies provide commercial security products and services, it would usually take them so long to develop new products and services relevant to the times and to the technologies of today. Not only does in lag in time factor, the process of innovating products and services would also usually entail large amounts of money and this expense would then be passed on the end users. Another thing is that these products they come up with seldom go through independent evaluation. The users are then left to decide for themselves based on the claims of the providers.
NSA then sees a way to tackle this need. And that is by developing a Capability Maturity Model for security engineering. This CMM National Security Agency effort is the agency’s contribution to the security engineering community. It was set forth in 1993 with the hope that the entire industry would respond by coming up with a criteria on which CMM would be based upon.
The main purpose, of course, of the CMM National Security Agency effort is to help the consumers judge whether one security product and service provider has good qualifications or not. It also aims to improve the overall quality of the services rendered by the industry. By providing a valid and solid way to do assessment, customers would be guided accordingly. Through this CMM not only will the criteria be provided but a standardized metric as well.
If there is one area in Capability Maturity Model that requires full attention in comprehending it, it is the Capability Maturity Model Programming. The technical aspects that CMM programming entails makes it not only difficult to understand and comprehend but more particularly, it becomes specifically complex.
CMM programming involves understanding the design of the software and its interface in order to be able to utilize it effectively and efficiently. More specific, CMM programming involves the following sections:
• The user-friendliness aspect of the software. This is where interaction with the tool programmers and setters is more evident as they try to make sure that the software is interactive with the users.
• The Graphical User Interface aspect of the software. As we all, all software programs that are being used at this time are graphic-based. The GUI team will ensure that appropriate graphical interface setting is achieved for the users.
• The Report Generation mechanism of the software. It is substantially needed that the CMM programming is capable of generating meaningful information after the whole process has been concluded. An organization needs information and when the CMM programming is no longer capable of providing that information, then it becomes useless.
There are so many attributes of an effective CMM programming that are needed to ensure that objectives of the organization are going to be realized after implementing the Capability Maturity Model. In trying to ensure that all these attributes are existent in the CMM Program is a good manifestation that success in achieving the objectives is clearly on its way.