 


OMG Cybersecurity Initiatives


Introduction

The Object Management Group®'s cybersecurity standards help protect software assets from unauthorized access and penetrations, outages, data corruption, and other operational problems. OMG® modeling language standards also ensure that security is designed upfront as part of a principled design process. Cyber threats facing a nation's critical infrastructure, mission-critical systems, or any Internet of Things (IoT) system, demand a cyber infrastructure that matches their combined enormity and complexity.

Cybersecurity Standards

The OMG’s work is critical for the safe, confidential, and sustained operation of software systems, regardless of whether software runs in core systems, web apps, mobile apps, or IoT devices. OMG cybersecurity standards include:


 
  • DDS Security™ – Data Distribution Service™ (DDS™) integrates the components of a system together, providing low-latency data connectivity, extreme reliability, and a scalable architecture that business and mission-critical Internet of Things (IoT) applications need. This standard encrypts DDS communications across network traffic to ensure they are secure. The specification is listed at www.omg.org/spec/DDS-SECURITY/.
  • Automated Source Code Security Measure™ – calculated from assessing 22 of the Top 25 Common Weakness Enumerations (i.e., CWE/SANS Institute Top 25 most dangerous software errors, and OWASP Top 10) that can be detected through static analysis. These weaknesses include well-known culprits such as SQL injection, buffer overflows, and cross-site scripting. This measure provides an accurate estimate of the likelihood that an attacker can find an exploitable weakness in an application. For more information, visit www.omg.org/spec/ASCSM/.
  • Structured Assurance Case Metamodel™ – defines a metamodel for structuring claims, arguments, and evidence for assurance tools. An assurance case is a documented body of evidence that provides a convincing and valid argument that a specified set of critical claims regarding a system’s properties, such as security, is adequately justified for a given application in a given environment. The specification is listed at www.omg.org/spec/SACM/.
  • Dependability Assurance Framework For Safety-Sensitive Consumer Devices™ – checks for software security in safety-critical consumer devices used by the general public as their functionalities become more complex and more connected to Internet of Things or IoT-based technologies. For more information, visit www.omg.org/spec/DAF/.
  • Unified Architecture Framework® – visual modeling standard that supports the development of architectures that comply with the USA Department of Defense Architecture Framework (DoDAF) and the UK Ministry of Defence Architecture Framework (MODAF). UAF also addresses issues such as specifying and procuring secure systems that apply to many general business and public service systems. Find more information at www.omg.org/spec/UAF/.
  • Knowledge Discovery Metamodel™ – an ontology for software systems and their ongoing environments that defines common metadata required for deep semantic integration of Application Lifecycle Management tools. KDM is also an ISO/IEC standard (19506). Further details at www.omg.org/spec/KDM.

Cybersecurity Work in Progress

  • UML® Operational Threat and Risk Model – an initiative to federate, integrate and map operational threat and risk information across diverse domains, technologies and organizations regardless of the technology, schema or domain.
  • Cyber Security Protection for Front Line Real-Time Systems – The C4I Domain Task Force is evaluating the responses to the recent Request for Information (RFI) on this topic and planning its future work, which may include a merger of architecture modeling profile data and threat risk reduction modeling; monitoring of DDS for errors/security effects; and an RFP for PIM definition of Data Tagging to support U.S. and NATO efforts.

OMG Managed Consortia Cybersecurity Efforts

OMG manages consortia to foster data sharing partnerships across government, industry and academia. Security is a cross-cutting topic highlighted in deliverables from each consortium.



  • www.it-cisq.org – 500+ Member Organizations. IT leadership group chartered to define automatable measures of software size and quality that can be measured in system source code. Deliverables: Automated Source Code Measure for Security (an OMG standard); Technical Debt specification.
  • www.iiconsortium.org – 300+ Member Organizations. Promotes development, adoption and widespread use of Industrial Internet: Inter-connected machines & devices, intelligent analytics and people at work. Deliverables: Industrial Internet Security Framework.
  • www.cloud-council.org – 600+ Member Organizations. End user advocacy group provides guidance to cloud customers on standards, security, and interoperability issues surrounding the transition to the cloud. Deliverables: Security for Cloud Computing: 10 Steps to Ensure Success; Cloud Security Standards: What to Expect & What to Negotiate.

Next Step

We are happy to discuss how OMG membership will benefit your organization! Feel free to explore our website at www.omg.org and when you are ready, please contact bd-team@omg.org or call +1-781-444-0404 to get started.

 

Join OMG and help shape the future of Cybersecurity based standards!

Last updated on 03/17/2017
Copyright © 1997-2017 Object Management Group, Inc. All Rights Reserved.