CERT Resilience Management Model
The CERT Resilience Management Model is a capability
model for operational resilience management. It has two primary
- Establish the convergence of operational risk and resilience
management activities such as security, business continuity, and
aspects of IT operations management into a single model.
- Apply a process improvement approach to operational resilience
management through the definition and application of a capability
level scale that expresses increasing levels of process
Process areas of the CERT Resilience Management
Model are being published as they are completed and are available for download.
The CERT Resilience Management Model (CERT®-RMM) Version 1.1 book was published by Addison-Wesley Professional in December 2010. The book both introduces CERT-RMM and presents the model in its entirety.
Features and Benefits of the CERT Resilience Management Model
The CERT Resilience Management Model doesn't replace an organization’s best practices—it provides a process structure into which they can be inserted and managed. The organization can then measure the achievement of process goals to validate that implemented practices are providing the expected results. The model
- provides a process definition, expressed in more than 20 process areas
across four categories: enterprise management, engineering, operations
management, and process management
- focuses on four essential operational assets: people, information,
technology, and facilities
- includes processes and practices that define a scale of four
capability levels for each process area: Incomplete, Performed,
Managed, and Defined
- serves as a meta-model that includes references to common codes of
practice such as ISO27000, ITIL, CobiT, and others such as BS25999 and
- includes process metrics and measurements that can be used to
ensure that operational resilience processes are performing as
- facilitates an objective measurement of capability levels via a
structured and repeatable appraisal method
CERT Resilience Management Model Capability Appraisals
CERT is currently performing capability appraisals using the CERT Resilience Management Model as a foundation.
Capability appraisals are an objective way to
determine your organization's current level of capability for managing
operational resilience based on the model's capability level scale.
Organizations new to the concept of model-based process improvement may find a less formal assessment activity to be more appropriate for determining where to start gap assessment and improvement activities. CERT-RMM Compass is a lightweight assessment instrument that can quickly identify areas for improvement or set direction for more formal appraisals.