CMS Assessment Model - Information - Security Standards
This page provides brief information about the Security Aspects and Standards that were taken into consideration while implementing the Quality Rules that are mapped to the Security Health Factor.
It is the Technical Criteria that are mapped to the Business Criteria, and all the Quality Rules are mapped to these Technical Criteria.
It also provides details on the various issues and problems that the security aspects cover, which help in understanding why a particular Quality Rule has been marked under the Security Health Factor.
Please refer to the following pages in the documentation, which help in understanding the problems associated with Application Security:
1. Support of the CISQ/OMG Automated Source Code Measurement Standards: This link provides the documentation on the Measurement Standards for every technology, such as JEE, .NET, SAP, COBOL, etc.
2. Supported Security Standards: This link provides the documentation on the security standards supported by CAST AIP. It describes the security flaws covered by the standards, such as Cross Site Scripting, Injection Flaws, Insecure Cryptographic Storage, etc. It also describes how CAST AIP covers all these flaws and gives their detailed description.