Mappings

Direct mappings

We maintain a comprehensive mappings spreadsheet covering several standards:

Microsoft SDL and SAMM

Read more in the Microsoft SDL and OWASP SAMM Mapping blog post.

BSIMM 14 and SAMM

Read more in the BSIMM Mapped to OWASP SAMM blog post.

IEC-62443-4-1 and SAMM

Available in the same mappings spreadsheet.

NIST SSDF and SAMM

Created in collaboration with NIST using the National Online Informative Reference (OLIR) Program. View the NIST SSDF mapping spreadsheet. More in the SAMM-NIST SSDF Mapping blog post.

OpenCRE

The SAMM model pages link to OpenCRE in every stream, connecting SAMM to standards like NIST SSDF, ISO27K, PCI-DSS, OWASP ASVS, and NIST 800-53. Learn more in the SAMM connects to OpenCRE blog post.