Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide  [open pdf - 3MB]
"This document describes the Cyber Resilience Review (CRR) architecture and provides detailed descriptions of the 10 CRR domains and six Maturity Indicator Levels (MILs). This document also contains information about how to prepare for a CRR Self-Assessment and how a facilitator assists the organization in assessing the maturity of its cybersecurity capabilities. It also gives guidance on follow-on activities to prioritize and implement a plan to close capability gaps that are identified through analysis of the CRR Self-Assessment Report. The CRR Self-Assessment also enables an organization to assess its capabilities relative to the NIST [National Institute of Standards and Technology] Cybersecurity Framework (CSF). This can be accomplished by correlating the results of the CRR Self-Assessment to the criteria of the NIST (CSF). A reference crosswalk mapping the relationship of NIST CSF categories and subcategories to CRR goals and practices is included in the CRR Self-Assessment Package."
2014 Carnegie Mellon University. Posted here with permission. See Copyright Information and NO WARRANTY on page 2.
United States Computer Emergency Readiness Team: https://www.us-cert.gov/