The CERT Resilience Management Model (CERT-RMM) is the foundation for a process improvement approach to operational resilience management. It defines the essential organizational practices that are necessary to manage operational resilience. You can use CERT-RMM to determine your organization's capability to manage resilience, set goals and targets, and develop plans to close identified gaps. By using a process view, CERT-RMM can help your organization respond to stress with mature and predictable performance.
CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations manage operational resilience and risk. CERT-RMM V1.0 is available as a free download. This version provides information about the model and its contents, but does not include information on model use and adoption, or updated information from field use and piloting. CERT-RMM appraisals do not use this version of the model.
Version 1.1 of the CERT-RMM was published in book form by Addison-Wesley Professional in December 2010. The book introduces CERT-RMM concepts and presents the model in its entirety, including information about model use and adoption. All CERT-RMM appraisals are based on V1.1, which is considered the official current version of the model.
CERT-RMM capability appraisals are an objective way to determine your organization's current level of capability for managing operational resilience based on the model's capability level scale.
Several training courses related to CERT-RMM are available, including introductory and advanced CERT-RMM topics.