CERT Resilience Management Model

CERT-RMM has two primary objectives:

  1. Establish the convergence of operational risk and resilience management activities such as security, business continuity, and aspects of IT operations management into a single model.
  2. Apply a process improvement approach to operational resilience management through the definition and application of a capability-level scale that expresses increasing levels of practice maturity.

The model has several distinctive characteristics that enable the achievement of operational resilience goals:

  • provides a process definition, expressed in more than 20 process areas across four categories: enterprise management, engineering, operations management, and process management
  • focuses on four essential operational assets: people, information, technology, and facilities
  • includes processes and practices that define a scale of four capability levels for each process area: Incomplete, Performed, Managed, and Defined
  • serves as a metamodel that includes references to common codes of practice such as ISO 27000, ISO 2230, ITIL, CobiT, and ISO 24762
  • includes process metrics and measurements that can be used to ensure that operational resilience processes are performing as intended
  • facilitates an objective measurement of capability levels via a structured and repeatable appraisal method

CERT-RMM doesn't replace an organization's best practices; rather, it provides a process structure into which they can be inserted and managed. The organization can then conduct an appraisal to measure whether the implemented practices are providing the expected results.

From the download page, you can download these CERT-RMM materials:

  • CERT-RMM V1.2 process areas
  • CERT-RMM V1.2 generic goals and practices
  • CERT-RMM V1.2 glossary
  • CERT-RMM V1.2 release notes
  • Measures for Managing Operational Resilience, which elaborates on the process measures included in the model

Register to download CERT-RMM materials, including V1.2 of CERT-RMM.

