search menu icon-carat-right cmu-wordmark

Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale

Technical Note
In this report, the authors review the specific and generic goals and practices in CERT-RMM to determine if a better scale could be developed.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2013-TN-028
DOI (Digital Object Identifier)
10.1184/R1/6571847.v1

Abstract

A maturity model is a set of characteristics, attributes, indicators, or patterns that represent progression and achievement in a particular domain or discipline. Maturity models typically have levels arranged in an evolutionary scale that defines measurable transitions from one level of maturity to another. The current version of the CERT Resilience Management Model (CERT-RMM v1.2) utilizes the maturity architecture (levels and descriptions) as provided in the Capability Maturity Model Integration (CMMI) constellation models to ensure consistency with CMMI. The spacing between maturity levels often causes CERT-RMM practitioners some difficulty. To address some of these issues, the CERT Division of Carnegie Mellon University's Software Engineering Institute did a comprehensive review of the existing specific and generic goals and practices in CERT-RMM to determine if a better scale could be developed to help users of the model show incremental improvement in maturity without breaking the original intent of the CMMI maturity levels. This technical note presents the results: the maturity indicator level scale, or CERT-RMM MIL scale.

Cite This Technical Note

Butkovic, M., & Caralli, R. (2013, November 7). Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale. (Technical Note CMU/SEI-2013-TN-028). Retrieved April 23, 2024, from https://doi.org/10.1184/R1/6571847.v1.

@techreport{butkovic_2013,
author={Butkovic, Matthew and Caralli, Richard},
title={Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale},
month={Nov},
year={2013},
number={CMU/SEI-2013-TN-028},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6571847.v1},
note={Accessed: 2024-Apr-23}
}

Butkovic, Matthew, and Richard Caralli. "Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale." (CMU/SEI-2013-TN-028). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, November 7, 2013. https://doi.org/10.1184/R1/6571847.v1.

M. Butkovic, and R. Caralli, "Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2013-TN-028, 7-Nov-2013 [Online]. Available: https://doi.org/10.1184/R1/6571847.v1. [Accessed: 23-Apr-2024].

Butkovic, Matthew, and Richard Caralli. "Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale." (Technical Note CMU/SEI-2013-TN-028). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 7 Nov. 2013. https://doi.org/10.1184/R1/6571847.v1. Accessed 23 Apr. 2024.

Butkovic, Matthew; & Caralli, Richard. Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale. CMU/SEI-2013-TN-028. Software Engineering Institute. 2013. https://doi.org/10.1184/R1/6571847.v1