OMG Cybersecurity Initiatives
The Object Management Group®'s cybersecurity standards help
protect software assets from unauthorized access and
penetrations, outages, data corruption, and other operational
problems. OMG® modeling language standards also ensure that
security is designed upfront as part of a principled design
process. Cyber threats facing a nation's critical infrastructure,
mission-critical systems, or any Internet of Things (IoT)
system demand a cyber infrastructure that matches their
combined enormity and complexity.
The OMG’s work is critical for the safe, confidential, and
sustained operation of software systems, regardless of whether
software runs in core systems, web apps, mobile apps, or
IoT devices. OMG cybersecurity standards include:
- DDS Security™ – Data Distribution Service™ (DDS™)
integrates the components of a system together, providing
low-latency data connectivity, extreme reliability, and a
scalable architecture that business and mission-critical
Internet of Things (IoT) applications need. This standard
encrypts DDS communications across network traffic
to ensure they are secure. The specification is listed at www.omg.org/spec/DDS-SECURITY/.
- Automated Source Code Security Measure™ –
calculated from assessing 22 of the Top 25 Common Weakness
Enumerations (i.e., CWE/SANS Institute Top 25 most dangerous
software errors, and OWASP Top 10) that can be detected
through static analysis. These weaknesses include well-known
culprits such as SQL injection, buffer overflows, and
cross-site scripting. This measure provides an accurate
estimate of the likelihood that an attacker can find an
exploitable weakness in an application. For more information,
- Structured Assurance Case Metamodel™ – defines a
metamodel for structuring claims, arguments, and evidence for
assurance tools. An assurance case is a documented body of
evidence that provides a convincing and valid argument that a
specified set of critical claims regarding a system’s
properties, such as security, is adequately justified for a
given application in a given environment. The specification is
listed at www.omg.org/spec/SACM/.
- Dependability Assurance Framework For Safety-Sensitive
Consumer Devices™ – checks for software security in
safety-critical consumer devices used by the general public as
their functionalities become more complex and more connected
to Internet of Things or IoT-based technologies. For more
information, visit www.omg.org/spec/DAF/.
- Unified Architecture Framework® – visual modeling
standard that supports the development of architectures that
comply with the USA Department of Defense Architecture
Framework (DoDAF) and the UK Ministry of Defence
Architecture Framework (MODAF). UAF also addresses issues such
as specifying and procuring secure systems that apply to many
general business and public service systems. Find more
information at www.omg.org/spec/UAF/.
- Knowledge Discovery Metamodel™ – an ontology for
software systems and their ongoing environments that defines
common metadata required for deep semantic integration of
Application Lifecycle Management tools. KDM is also an ISO/IEC
standard (19506). Further details at www.omg.org/spec/KDM.
Cybersecurity Work in Progress
- UML® Operational Threat and Risk Model – an
initiative to federate, integrate and map operational threat
and risk information across diverse domains, technologies and
organizations regardless of the technology, schema or domain.
- Cyber Security Protection for Front Line Real-Time
Systems – The C4I Domain Task Force is evaluating the
responses to the recent Request for Information (RFI) on this
topic and planning its future work, which may include a merger
of architecture modeling profile data and threat risk
reduction modeling; monitoring of DDS for errors/security
effects; and an RFP for PIM definition of Data Tagging to
support U.S. and NATO efforts.
OMG Managed Consortia Cybersecurity
OMG manages consortia to foster data sharing partnerships across
government, industry and academia. Security is a cross-cutting topic
highlighted in deliverables from each consortium.
500+ Member Organizations
IT leadership group chartered to define automatable measures of
software size and quality that can be measured in system source code.
300+ Member Organizations
Promotes development, adoption and widespread use of Industrial
Internet: Inter-connected machines & devices, intelligent
analytics and people at work.
600+ Member Organizations
End user advocacy group provides guidance to cloud customers on
standards, security, and interoperability issues surrounding the
transition to the cloud.
We are happy to discuss how OMG membership will benefit your
organization! Feel free to explore our website at www.omg.org
and when you are ready, please contact firstname.lastname@example.org or call
+1-781-444-0404 to get started.