The Consortium for Information & Software Quality (CISQ) has announced that its Automated Source Code Data Protection Measure (ASCDPM) is now an Object Management Group (OMG) standard. The ASCDPM standard measures the extent to which an application can protect confidential data from unauthorized access that could lead to unacceptable exposure or theft.
Measurement is essential as a source of evidence for regulatory compliance. The relevant regulations include the European General Data Protection Regulation, the US Cybersecurity Maturity Model Certification, the California Consumer Privacy Act (enhanced by the California Privacy Rights Act), the Health Insurance Portability and Accountability Act (enhanced by the Health Information Technology for Economic and Clinical Health Act) and the Gramm-Leach-Bliley Act for Financial Services.
“As part of its ongoing software reliability improvement program, CISQ has developed the specification approved as a new OMG standard for measuring the extent to which an application is free from weaknesses that could allow unauthorized access to confidential data. This measure guides compliance with a key regulatory requirement for protecting confidential information,” said Dr. Bill Curtis, executive director of the Consortium for Information and Software Quality (CISQ).
The measure will complement ISO/IEC 25023, which provides software product privacy measures, a sub-characteristic of security.