1. What is CISQ?

The Consortium for IT Software Quality™ (CISQ™) is an IT leadership group that develops international standards for automating the measurement of software size and structural quality from the source code. The standards written by CISQ enable IT and business leaders to measure the risk IT applications pose to the business, as well as estimate the cost of ownership. CISQ was co-founded by the Object Management Group® (OMG®) and Software Engineering Institute (SEI) at Carnegie Mellon University. CISQ develops software measurement specifications that are submitted to the OMG for approval as standards.


2. Why do we need CISQ?

Industry needs standard, automated measures for evaluating software size and the structural quality of software from the source code. Establishing a global standard for software structural quality is an important step for enabling these measures to be used in acquiring IT applications from suppliers or for apples-to-apples comparison in benchmarking applications. CISQ fills a critical void since there are no other standards bodies developing standards for automating the measurement of size and quality from the source code of a software system.


3. How does CISQ deploy its standards?

CISQ hosts outreach events, influences policy, and briefs analysts and the media on software quality. CISQ hosts the Cyber Resilience Summit in Washington, DC in March and October to influence the cybersecurity and resilience of mission-critical federal applications. The Cyber Resilience Summit is now also hosted in Europe and Asia. CISQ has submitted position papers and requests for information regarding federal policy from several U.S. government agencies such as NIST, DoD, and the SEC. CISQ is developing a certification program to enable IT organizations to certify the structural quality of IT software they develop or acquire. CISQ is also considering a professional certification exam to advance skills in this area.


4. How do I become a CISQ member?

To become a CISQ member, please click here. You will gain access to the Members Area of the CISQ website where we post whitepapers, event presentations, policy documents, and more. In the membership form you also have the option to subscribe to the CISQ mailing list.


5. Is there a membership fee?

CISQ is an open membership organization. There is no fee to join. CISQ sponsors provide the resources needed to support CISQ’s mission and operations.


6. How is CISQ managed?

CISQ is a program managed by the Object Management Group®, an international, open membership, not-for-profit technology standards consortium. The Executive Director of CISQ is Dr. Bill Curtis, well-known for his work on the Capability Maturity Model (CMM) for software process improvement and software measurement (Read Dr. Curtis’ biography). The work that CISQ undertakes is directed by a Governing Board comprised of executives from sponsoring organizations. CISQ’s Advisory Board helps to advise on awareness and adoption of the standards.


7. What are the benefits of CISQ sponsorship?

Sponsoring CISQ puts IT leaders in the position to directly influence the implementation of the industry standard for the structural quality of software and showcase their leadership in delivering dependable, trustworthy software. CISQ standards are developed by experts from CISQ sponsor organizations. To learn more about becoming a CISQ sponsor, please click here.


8. How does CISQ relate to ISO?

CISQ aims to supplement the ISO/IEC 25000 series of standards. The CISQ Automated Quality Characteristic Measures were developed using definitions in ISO/IEC 25010, the international standard that defines eight software quality characteristics and their sub‐characteristics. The measures supplement ISO/IEC 25023, the standard that enumerates measures of the various sub‐characteristics.The CISQ measures are quantified from the automated analysis of source code (via static analysis) to identify architectural and coding weaknesses in the software. Automated source code standards are needed because manual review is infeasible for large multi‐layer, multi‐language, multi‐platform systems. Dr. Bill Curtis, Executive Director of CISQ, is on the ISO/IEC 25000 team. For more information, read CISQ Supplements ISO/IEC 25000 Series with Automated Quality Characteristic Measures.


9. How does CISQ relate to CMMI?

CISQ is complementary to CMMI (Capability Maturity Model Integration). CISQ measures the structural quality of a software product. CMMI is a model for measuring the maturity of an organization’s software development and maintenance processes. Both standards can be used together to improve an organization’s ability to develop and maintain high quality software.


10. How does CISQ relate to the NIST Cybersecurity Framework?

CISQ is a strong supporter and contributor to the NIST Cybersecurity Framework. For details, click here. CISQ submits comments during open review periods. CISQ’s contributions to the NIST Cybersecurity Framework are automatable source code standards for measuring software size and software structural quality.