The Consortium for Information & Software Quality (CISQ) announced that its Automated Source Code Data Protection Measure (ASCDPM) is now an Object Management Group (OMG) standard. The ASCDPM standard measures the extent to which an application can protect confidential data from unauthorized access that could result in unacceptable exposure or theft.
The measure is essential as a source of evidence for complying with regulations. These include the General Data Protection Regulation in Europe and, in the U.S., the Cybersecurity Maturity Model Certification, the California Consumer Privacy Act (enhanced by the California Privacy Rights Act), the Health Insurance Portability and Accountability Act (enhanced with the Health Information Technology for Economic and Clinical Health Act), and the Gramm-Leach-Bliley Act for financial services.
“As part of its continuing program to improve software trustworthiness, CISQ developed the specification approved as OMG’s new standard for measuring the extent to which an application is free of weaknesses that could enable unauthorized access to confidential data. This measure guides compliance with a critical requirement of regulations for protecting confidential information,” said Dr. Bill Curtis, Executive Director of the Consortium for Information and Software Quality (CISQ).
The measure will supplement the ISO/IEC 25023 standard, which provides measures of software product confidentiality, a sub-characteristic of security.