| Document Title | Description | Date Published | Date Updated |
|---|---|---|---|
| CERT-RMM v1.0 | Contains the complete content of all 26 process areas, the generic goals and practices, and the glossary of the CERT Resilience Management Model. | May 28, 2010 | |
| Process Area Documents | | | |
| ADM: Asset Definition and Management | Identify, document, and manage organizational assets during their life cycle to ensure sustained productivity to support organizational services. | June 30, 2009 | May 25, 2010 |
| AM: Access Management | Ensure that access granted to organizational assets is commensurate with their business and resilience requirements. | June 30, 2009 | May 25, 2010 |
| COMM: Communications | Develop, deploy, and manage internal and external communications to support resilience activities and processes. | June 30, 2009 | May 25, 2010 |
| COMP: Compliance | Ensure awareness of and compliance with an established set of relevant internal and external guidelines, standards, practices, policies, regulations, and legislation, and other obligations (such as contracts and service level agreements) related to managing operational resilience. | June 30, 2009 | May 25, 2010 |
| CTRL: Controls Management | Establish, monitor, analyze, and manage an internal control system that ensures the effectiveness and efficiency of operations through assuring mission success of high-value services and the assets that support them. | May 25, 2010 | |
| EC: Environmental Control | Establish and manage an appropriate level of physical, environmental, and geographical controls to support the resilient operations of services in organizational facilities. | July 30, 2009 | May 25, 2010 |
| EF: Enterprise Focus | Establish sponsorship, strategic planning, and governance over the operational resilience management process. | August 13, 2009 | May 25, 2010 |
| EXD: External Dependencies Management | Establish and manage an appropriate level of controls to ensure the resilience of services and assets that are dependent on the actions of external entities. | December 4, 2009 | May 25, 2010 |
| FRM: Financial Resource Management | Request, receive, manage, and apply financial resources to support resilience objectives and requirements. | August 13, 2009 | May 25, 2010 |
| HRM: Human Resource Management | Manage the employment life cycle and performance of staff in a manner that contributes to the organization's ability to manage operational resilience. | August 13, 2009 | May 25, 2010 |
| ID: Identity Management | Create, maintain, and deactivate identities that may need some level of trusted access to organizational assets and manage their associated attributes. | August 21, 2009 | May 25, 2010 |
| IMC: Incident Management and Control | Establish processes to identify and analyze events, detect incidents, and determine an appropriate organizational response. | August 21, 2009 | May 25, 2010 |
| KIM: Knowledge and Information Management | Establish and manage an appropriate level of controls to support the confidentiality, integrity, and availability of the organization’s information, vital records, and intellectual property. | August 21, 2009 | May 25, 2010 |
| MA: Measurement and Analysis | Develop and sustain a measurement capability that is used to support management information needs for managing the operational resilience management process. | September 11, 2009 | May 25, 2010 |
| MON: Monitoring | Collect, record, and distribute information about the operational resilience management process to the organization on a timely basis. | September 11, 2009 | May 25, 2010 |
| OPD: Organizational Process Definition | Establish and maintain a usable set of organizational process assets and work environment standards for operational resilience. | October 16, 2009 | May 25, 2010 |
| OPF: Organizational Process Focus | Plan, implement, and deploy organizational process improvements based on a thorough understanding of current strengths and weaknesses of the organization’s operational resilience processes and process assets. | October 16, 2009 | May 25, 2010 |
| OTA: Organizational Training and Awareness | Promote awareness and develop skills and knowledge of people in support of their roles in attaining and sustaining operational resilience. | October 16, 2009 | May 25, 2010 |
| PM: People Management | Establish and manage the contributions and availability of people to support the resilient operation of organizational services. | September 14, 2009 | May 25, 2010 |
| RISK: Risk Management | Identify, analyze, and mitigate risks to organizational assets that could adversely affect the operation and delivery of services. | September 11, 2009 | May 25, 2010 |
| RRD: Resilience Requirements Development | Identify, document, and analyze the operational resilience requirements for high-value services and related assets. | November 25, 2009 | May 25, 2010 |
| RRM: Resilience Requirements Management | Manage the resilience requirements of high-value services and associated assets and to identify inconsistencies between these requirements and the activities that the organization performs to meet the requirements. | November 25, 2009 | May 25, 2010 |
| RTSE: Resilient Technical Solution Engineering | Ensure that software and systems are developed to satisfy their resilience requirements. | February 16, 2010 | May 25, 2010 |
| SC: Service Continuity | Ensure the continuity of essential operations of services and related assets if a disruption occurs as a result of an incident, disaster, or other disruptive event. | August 27, 2009 | May 25, 2010 |
| TM: Technology Management | Establish and manage an appropriate level of controls related to the integrity and availability of technology assets to support the resilient operations of organizational services. | October 16, 2009 | May 25, 2010 |
| VAR: Vulnerability Analysis and Resolution | Identify, analyze, and manage vulnerabilities in an organization’s operating environment. | October 16, 2009 | May 25, 2010 |
| Supplementary Documents | | | |
| Generic Goals and Practices | Goals and practices that should (unless noted) be applied to all process areas. | June 30, 2009 | May 25, 2010 |
| Glossary of Terms | Definitions of terms used in the model. | June 30, 2009 | May 25, 2010 |
| Measures for Managing Operational Resilience (pdf) | This report is an addendum to CERT-RMM version 1.0 and CERT-RMM version 1.1. It updates and expands examples of measures in generic goal 2, generic practice 8 of each of the 26 process areas. | July 2011 | |
| Historical Documents | | | |
| REF-COP-Crosswalk0.95R.pdf | CERT® Resiliency Engineering Framework: Code of Practice Crosswalk, v0.95R | August 2008 | |
| Resiliency Engineering Framework (zip) | Draft version of the model. | March 2008 | |