ABSTRACT

Defining a Progress Metric for CERT-RMM Improvement

"This report describes how the authors defined a Cybersecurity Program Progress Metric (CPPM) in support of a large, diverse U.S. national organization. The CPPM, based on the CERT Resilience Management Model (CERT-RMM) v1.1, provides an indicator of progress towards achievement of CERT-RMM practices. The CPPM is an implementation metric that can be used to measure incremental progress in implementation of CERT-RMM practices and, through an aggregate score, show overall progress in achieving the goals of a cybersecurity program. The underlying concept of a CERT-RMM-based index is applicable to any organization using the CERT-RMM for model-based process improvement for such operational risk management activities as cybersecurity, business continuity, disaster recovery, IT [information technology] operations, and incident response. Moreover, the underlying concept is applicable to other models such as the Cybersecurity Capability Maturity Model (C2M2)."

Report Number:
CMU/SEI-2017-TN-003
Author:
Publisher:
Date:
2017-09
Copyright:
Carnegie Mellon University. This material has been approved for public release and unlimited distribution.
Retrieved From:
Defense Technical Information Center (DTIC): http://www.dtic.mil/dtic/
Format:
pdf
Media Type:
application/pdf
URL: