The CERT Resilience Management Model (CERT-RMM) is the foundation for a process improvement approach to operational resilience management. It defines the essential organizational practices that are necessary to manage operational resilience. You can use CERT-RMM to determine your organization's capability to manage resilience, set goals and targets, and develop plans to close identified gaps. By using a process view, CERT-RMM can help your organization respond to stress with mature and predictable performance.

CERT Resilience Management Model

Version 1.2 of CERT-RMM was published in February, 2016, and is available as a free download. This version provides the model's process areas, generic goals and practices, glossary, and acronyms. The release notes for version 1.2 describe its updated features.

Version 1.1 of CERT-RMM was published in book form by Addison-Wesley Professional in December 2010. The book presents the contents of the model and also provides information about CERT-RMM concepts, use, and adoption.

CERT-RMM Capability Appraisals

CERT-RMM capability appraisals are an objective way to determine your organization's current level of capability for managing operational resilience based on the model's capability level scale.

CERT-RMM Training

Several training courses related to CERT-RMM are available, including introductory and advanced CERT-RMM topics.

Join Us on LinkedIn

Discuss resilience management as a member of the CERT Resilience Management Forum.


Learn How It Began

Learn about how CERT-RMM came to be.

Talk to Our Assessment Experts

Our CERT-RMM appraisers can help you determine how well your organization's security-related practices compare to our best practices.