SS Software security

SS - P-SSCRM mapping

G.1.1 Organizational security requirements
G.1.2 Software license conflict
G.1.3 Produce attestation
G.1.5 Deliver SBOM
G.2.1 Upper management support
G.2.2 Secure SDLC checks
G.2.3 Roles and responsibilities
G.2.4 Security code review policy
G.2.5 Asset inventory
G.2.6 Protection of information at rest
G.3.1 Security-related contract terms
G.3.2 Separation of duties
G.4.1 Role-based training
G.4.2 Contingency training
G.4.3 Gather attack trends
G.5.1 Criticality analysis
G.5.2 Track security risks and decisions
G.5.3 Security metrics
G.5.4 Data-informed product decisions
P.1.1 Product security requirements
P.1.2 Software release integrity
P.2.1 Security design review
P.2.2 Secure coding
P.2.6 Confirm integrity of AI model data
P.3.1 Component and container choice
P.3.2 Trusted repositories
P.3.3 Require signed commits
P.3.4 Vetted third-party component and container repositories
P.4.1 Security code review
P.4.2 Automated security scanning tools
P.4.3 Automated vulnerability detection
P.4.5 Regular third-party compliance
P.5.1 SBOM consumption
P.5.2 Dependency update
E.1.2 Version control
E.1.5 Branch protection
E.2.1 Release policy verification
D.1.1 Vulnerability analysis
D.1.2 Risk-based vulnerability remediation
D.1.3 Vulnerability disclosure
D.1.4 Vulnerability eradication
D.1.6 Root cause analysis
P.3.5 Prevent component vetting bypass
D.1.5 Emergency artifact fix
G.3.x Support upstream dependencies
E.3.x Development environment scanning tools
D.1.x Establish response partnerships