The CERT Resilience Management Model (CERT-RMM) is the foundation for a process improvement approach to operational resilience management. It defines the organizational practices that are essential to managing operational resilience. An organization can use the model to establish its current level of capability in managing resilience, set goals and targets, and develop plans to close identified gaps. By taking a process view, CERT-RMM can help an organization become more mature and predictable in how it performs under stress, rather than hoping it will survive disruptions.

CERT Resilience Management Model

CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations manage operational resilience and risk.

CERT-RMM V1.0 is available as a free download. This version provides useful information about the model and its contents but does not include important information on model use and adoption, or updated information from field use and piloting. CERT-RMM appraisals do not use this version of the model.

Version 1.1 of the CERT-RMM was published in a book by Addison-Wesley Professional in December 2010. The book introduces CERT-RMM concepts and presents the model in its entirety. All CERT-RMM appraisals are based on V1.1, which is considered the official current version of the model.

CERT-RMM Capability Appraisals

The CERT Division is currently performing capability appraisals using the CERT Resilience Management Model as a foundation. Capability appraisals are an objective way to determine your organization's current level of capability for managing operational resilience based on the model's capability level scale.

CERT-RMM Training

Several training courses related to CERT-RMM are available, including introductory and advanced CERT-RMM topics.