Press Release

CISQ Automated Source Code Data Protection Specification becomes Object Management Group Standard


BOSTON, MA – AUGUST 11, 2022 – The Consortium for Information & Software Quality&tr (CISQ™) today announced that its Automated Source Code Data Protection Measure (ASCDPM) is now an Object Management Group® (OMG®) standard. The ASCDPM standard measures the extent to which an application can protect confidential data from unauthorized access that could result in unacceptable exposure or theft.

The measure is essential as a source of evidence for complying with regulations. These include the General Data Protection Regulation in Europe and the U.S. Cybersecurity Maturity Model Certification, California Consumer Privacy Act (enhanced by the California Privacy Rights Act), the Health Insurance Portability and Accountability Act (enhanced with the Health Information Technology for Economic and Clinical Health Act), and the Gramm-Leach-Bliley Act for financial services.

“As part of its continuing program to improve software trustworthiness, CISQ developed the specification approved as OMG’s new standard for measuring the extent to which an application is free of weaknesses that could enable unauthorized access to confidential data. This measure guides compliance with a critical requirement of regulations for protecting confidential information,” said Dr. Bill Curtis, Executive Director of the Consortium for Information and Software Quality (CISQ).

The measure will supplement the ISO/IEC 25023 standard, which provides measures of software product confidentiality, a sub-characteristic of security. Please download the ASCDPM standard from the OMG website.



About CISQ
The Consortium for Information and Software Quality™ (CISQ™) is an industry leadership group that develops international standards for automating the measurement of software size and structural quality from the source code. The standards, written by CISQ, enable organizations developing or acquiring software-intensive systems to measure the operational risk software poses to the business, as well as estimate the cost of corrective maintenance.  CISQ was co-founded by the Object Management Group® (OMG®) and Software Engineering Institute (SEI) at Carnegie Mellon University. For more information, visit


Karen Quatromoni
[email protected]
+1 781-444-0404

Note to editors: For a listing of all OMG trademarks, visit All other trademarks are the property of their respective owners.