The Object Management Group®'s cybersecurity standards help protect software assets from unauthorized access and penetrations, outages, data corruption, and other operational problems. OMG® modeling language standards also ensure that security is designed upfront as part of a principled design process.Cyber threats facing a nation's critical infrastructure, mission-critical systems, or any Internet of Things (IoT) system, demand a cyber infrastructure that matches their combined enormity and complexity.
The OMG’s work is critical for the safe, confidential, and sustained operation of software systems, regardless of whether software runs in core systems, web apps, mobile apps, or IoT devices. OMG cybersecurity standards include:
- DDS Security™ – Data Distribution Service™ (DDS™) integrates the components of a system together, providing low-latency data connectivity, extreme reliability, and a scalable architecture that business and mission-critical
Internet of Things (IoT) applications need. This standard encrypts DDS communications across network traffic
to ensure it is secure. The specification is listed at www.omg.org/spec/DDS-SECURITY/.
- Automated Source Code Security Measure™ – calculated from assessing 22 of the Top 25 Common Weakness
Enumerations (i.e., CWE/SANS Institute Top 25 most dangerous software errors, and OWASP Top 10) that can be detected through static analysis. These weaknesses include well-known culprits such as SQL injection, buffer overflows, and cross-site scripting. This measure provides an accurate estimate of the likelihood that an attacker can find an exploitable weakness in an application. For more information, visit www.omg.org/spec/ASCSM/.
- Structured Assurance Case Metamodel™ – defines a metamodel for structuring claims, arguments, and evidence for assurance tools. An assurance case is a documented body of evidence that provides a convincing and valid argument that a specified set of critical claims regarding a system’s properties— such as security—is adequately justified for a given application in a given environment. The specification is listed at www.omg.org/spec/SACM/.
- Dependability Assurance Framework For Safety-Sensitive Consumer Devices™ – checks for software security in
safety-critical consumer devices used by the general public as their functionalities become more complex and more connected to Internet of Things or IoT-based technologies. For more information, visit www.omg.org/spec/DAF/.
- Unified Architecture Framework® - visual modeling standard that supports the development of architectures that comply with the USA Department of Defense Architecture Framework (DoDAF) and the UK Ministry of Defence
Architecture Framework (MODAF). UAF also addresses issues such as specifying and procuring secure systems that apply to many general business and public service systems. Find more information at www.omg.org/spec/UAF/.
- Knowledge Discovery Metamodel™ – an ontology for software systems and their ongoing environments that defines common metadata required for deep semantic integration of Application Lifecycle Management tools. KDM is also an ISO/IEC standard (19506). Further details at www.omg.org/spec/KDM.
Cybersecurity Work In Progress
- UML® Operational Threat and Risk Model – an initiative to federate, integrate and map operational threat and risk information across diverse domains, technologies and organizations regardless of the technology, schema or domain.
- Cyber Security Protection for Front Line Real-Time Systems – The C4I Domain Task Force is evaluating the responses to the recent Request for Information (RFI) on this topic and planning its future work, which may include a merger of architecture modeling profile data and threat risk reduction modeling; monitoring of DDS for errors/security effects; and an RFP for PIM definition of Data Tagging to support U.S. and NATO efforts.
We are happy to discuss how OMG membership will benefit your organization! Feel free to explore our website at www.omg.org and when you are ready, please contact email@example.com or call + 1-781-444-0404 to get started.