I’m going to discuss the acronyms CMMI and NSS, which I’ve kinda sorta discussed before but never in combination. (And as an added bonus I’ll discuss one more acronym.)
Capability Maturity Model Integrated (CMMI)
Back in February and in April I made passing references to CMMI, which stands for the Capability Maturity Model Integration. But I only mentioned it in passing because my experience is with the older Capability Maturity Model (CMM).
Who manages the CMMI?
Information Systems Audit and Control Association (ISACA)
Back in March and in April I either explicitly referenced or implicitly quoted from ISACA, which is the Information Systems Audit and Control Association.
Back in 2016 ISACA acquired the CMMI Institute, which managed CMMI. But the process suites originated earlier.
“CMMI was originally developed at the Software Engineering Institute, a federally funded research and development center within Carnegie Mellon University.”
Thus ISACA governs all CMMI-related activity, including assessments and certifications.
Which brings us to…
National Security Systems (NSS) and National Security Solutions (NSS)
‘Cause you know sometimes acronyms have two meanings.
Although in this case the two are related.
When a foreign-owned company wants to do business with the sensitive parts of the U.S. federal government, they have to set up a set up an entity that is free from foreign ownership, control, or influence. This is FOCI, a bonus acronym for you today.
In the biometric world, there are two notable FOCI-mitigated subsidiaries of foreign companies:
- NEC National Security Systems (NSS), a subsidiary of the Japanese-owned NEC.
- IDEMIA National Security Solutions (NSS), a subsidiary of the primarily U.S.-owned IDEMIA. Primarily, but not exclusively, because a small sliver of IDEMIA is French-owned.
Bringing all the acronyms together
Focusing on IDEMIA National Security Solutions, the company recently made a CMMI-related announcement:
“IDEMIA National Security Solutions (NSS), a subsidiary of IDEMIA, the leading provider of secure and trusted biometric-based solutions, is proud to announce that it has successfully earned re-certification at level 3 of ISACA’s Capability Maturity Model Integration (CMMI®).”
You’ll recall that the CMMI levels go up to Level 5. So IDEMIA NSS is not at the maximum CMMI level, but Level 3 is impressive enough to issue a press release.
IDEMIA NSS’ extensive federal government work dictates that it maintain a number of certifications and conformances. CMMI gives the government agencies assurance that IDEMIA NSS provides its products according to specific quality and process improvement standards.
Bredemarket 