The Capability Maturity Model Integration (CMMI) Security Process measures the maturity, effectiveness and efficiency of your organization’s security posture. Based on Carnegie Mellon University’s CMMI framework for process improvement, and leveraging the ISO 2700x and NIST SP 800-53 security models, the CMMI Security Process provides a baseline security assessment to help your organization identify current vulnerabilities and areas for improvement.
CMMI Domains
The process begins with a thorough review of the domains within your security environment. The domains reviewed include:
Security Policy
Organization of Information Security
Human Resource Security
Asset Management
Cryptography
Physical and Environmental Security
Operational Security
Network Security Management
Information Systems – Acquisition, Development, Maintenance
Supplier Relationships
Incident Management
Business Continuity Management
Compliance
Within each domain, key process areas are reviewed, measured and evaluated based on their maturity. Maturity level rankings are as follows:
0 Non-Existent
Basic processes and activities are not established.
1 Initial
Processes and activities are ad hoc, chaotic or undefined.
2 Repeatable
Basic processes and activities are established and there is a level of discipline and adherence.
3 Defined
All processes and activities are defined, documented, standardized and integrated together.
4 Managed
Processes are measured by collecting detailed data on them and their quality, and are improved accordingly.
5 Optimized
The final deliverable includes an average Maturity Score within the Executive