CERT

 
 

CERT Resilience Management Model

The CERT Resilience Management Model is a capability model for operational resilience management. It has two primary objectives:

  • Establish the convergence of operational risk and resilience management activities such as security, business continuity, and aspects of IT operations management into a single model.
  • Apply a process improvement approach to operational resilience management through the definition and application of a capability level scale that expresses increasing levels of process improvement.

Process areas of the CERT Resilience Management Model are being published as they are completed and are available for download.

Note: Prior to your first download you must fill out a short form to access the materials. A persistent cookie is being used to track whether you have filled out the form or not. It does not store any personal data you may provide in the form in any way.

The CERT Resilience Management Model (CERT®-RMM) Version 1.1 book was published by Addison-Wesley Professional in December 2010. The book both introduces CERT-RMM and presents the model in its entirety.

Features and Benefits of the CERT Resilience Management Model

The CERT Resilience Management Model doesn't replace an organization’s best practices—it provides a process structure into which they can be inserted and managed. The organization can then measure the achievement of process goals to validate that implemented practices are providing the expected results. The model

  • provides a process definition, expressed in more than 20 process areas across four categories: enterprise management, engineering, operations management, and process management
  • focuses on four essential operational assets: people, information, technology, and facilities
  • includes processes and practices that define a scale of four capability levels for each process area: Incomplete, Performed, Managed, and Defined
  • serves as a meta-model that includes references to common codes of practice such as ISO27000, ITIL, CobiT, and others such as BS25999 and ISO24762
  • includes process metrics and measurements that can be used to ensure that operational resilience processes are performing as intended
  • facilitates an objective measurement of capability levels via a structured and repeatable appraisal method

CERT Resilience Management Model Capability Appraisals

CERT is currently performing capability appraisals using the CERT Resilience Management Model as a foundation. Capability appraisals are an objective way to determine your organization's current level of capability for managing operational resilience based on the model's capability level scale.

CERT-RMM Compass

Organizations new to the concept of model-based process improvement may find a less formal assessment activity to be more appropriate for determining where to start gap assessment and improvement activities. CERT-RMM Compass is a lightweight assessment instrument that can quickly identify areas for improvement or set direction for more formal appraisals.





Last updated April 5, 2011