BSIMM Mapping

November 19, 2015


The Building Security In Maturity Model (BSIMM) is a descriptive model of software security programs. BSIMM catalogues the activities that a collection of participating companies are already doing, and uses that catalogue as a way to assess a firm's maturity in software security.

Several BSIMM participants are also Security Compass clients, and it’s clear to see why: SD Elements maps to just under 70% of the BSIMM activities. This means that using SD Elements will provide you with assistance in achieving over two thirds of BSIMM activities, though the degree to which it helps will vary by activity.

Broadly, SD Elements helps with BSIMM domains in the following way:

  • Governance: SD Elements serves as a central store for many software security activities. It provides visibility both at aggregate levels (enterprise-wide or business-unit wide) and at the level of individual applications and projects. Custom content, embedded training, reporting and compliance mapping round out the major governance capabilities.
  • Intelligence: SD Elements' core features are key enablers of security standards, requirements, and design work. For most clients, SD Elements serves as the first security touchpoint in the software development process and enables building security in from the start.
  • SSDL Touchpoints: Describing projects in SD Elements and automatically generating tasks provides a scalable baseline for architectural analysis. Moreover, testing tasks and their correlation with requirements allow for better tracking of code review and security testing activities. Integration with static and dynamic testing tools ties security testing activities to requirements.
  • Deployment: Though SD Elements is primarily focused on pre-deployment, its testing tasks provide a way to associate penetration testing activities with activities from the rest of the software development lifecycle. Projects in SD Elements also serve as a repository of information used for identifying and tracking configuration and vulnerability management.

The attached Excel document (BSIMM Mapping) provides additional detail on how SD Elements capabilities map to the BSIMM activities. If you are currently using BSIMM to measure your software security initiative and want to know how SD Elements can help, contact us to learn more.
