search menu icon-carat-right cmu-wordmark

Defining a Progress Metric for CERT-RMM Improvement

Technical Note
Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2017-TN-003
DOI (Digital Object Identifier)
10.1184/R1/12367094.v1

Abstract

This report describes how the authors defined a Cybersecurity Program Progress Metric (CPPM) in support of a large, diverse U.S. national organization. The CPPM, based on the CERT-Resilience Management Model (CERT-RMM) v1.1, provides an indicator of progress towards achievement of CERT-RMM practices. The CPPM is an implementation metric that can be used to measure incremental progress in implementation of CERT-RMM practices and, through an aggregate score, show overall progress in achieving the goals of a cybersecurity program. The underlying concept of a CERT-RMM-based index is applicable to any organization using the CERT-RMM for model-based process improvement for such operational risk management activities as cybersecurity, business continuity, disaster recovery, IT operations, and incident response. Moreover, the underlying concept is applicable to other models such as the Cybersecurity Capability Maturity Model (C2M2).

Cite This Technical Note

Crabb, G., Mehravari, N., & Tobar, D. (2017, September 8). Defining a Progress Metric for CERT-RMM Improvement. (Technical Note CMU/SEI-2017-TN-003). Retrieved April 13, 2024, from https://doi.org/10.1184/R1/12367094.v1.

@techreport{crabb_2017,
author={Crabb, Greg and Mehravari, Nader and Tobar, David},
title={Defining a Progress Metric for CERT-RMM Improvement},
month={Sep},
year={2017},
number={CMU/SEI-2017-TN-003},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/12367094.v1},
note={Accessed: 2024-Apr-13}
}

Crabb, Greg, Nader Mehravari, and David Tobar. "Defining a Progress Metric for CERT-RMM Improvement." (CMU/SEI-2017-TN-003). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, September 8, 2017. https://doi.org/10.1184/R1/12367094.v1.

G. Crabb, N. Mehravari, and D. Tobar, "Defining a Progress Metric for CERT-RMM Improvement," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2017-TN-003, 8-Sep-2017 [Online]. Available: https://doi.org/10.1184/R1/12367094.v1. [Accessed: 13-Apr-2024].

Crabb, Greg, Nader Mehravari, and David Tobar. "Defining a Progress Metric for CERT-RMM Improvement." (Technical Note CMU/SEI-2017-TN-003). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 8 Sep. 2017. https://doi.org/10.1184/R1/12367094.v1. Accessed 13 Apr. 2024.

Crabb, Greg; Mehravari, Nader; & Tobar, David. Defining a Progress Metric for CERT-RMM Improvement. CMU/SEI-2017-TN-003. Software Engineering Institute. 2017. https://doi.org/10.1184/R1/12367094.v1