The SAMM model pages on the website have links to OpenCRE in every stream. By linking SAMM to OpenCRE , we’ve made it easier for our users to find relevant and useful resources with every stream, as well as to see how SAMM aligns with other security standards such as NIST SSDF, ISO27K, PCI-DSS, OWASP ASVS, and NIST 800-53.

Learn more in the OWASP SAMM now connects to OpenCRE blog post.


In collaboration with NIST, we created mappings based on the National Online Informative Reference (OLIR) Program . An Informative Reference shows the relationships between the Reference Document elements (NIST SSDF Tasks) and a Focal Document element (OWASP SAMM Streams). This effectively helps users understand the characterization of the nature of each relationship.

You can find the mapping in this spreadsheet . Note that we created the NIST SSDF to SAMM mapping. The reverse mapping is automatically generated and in the current version it is a crosswalk mapping.

More on this in the Tackling App Security with SAMM-NIST SSDF Mapping blog post.