Software Engineering Institute

The CERT® Resilience Management Model (CERT-RMM), which was developed by the CERT Division at Carnegie Mellon University’s Software Engineering Institute, is the most modern and comprehensive framework for managing operational resilience in a variety of organizations—small or large, simple or complex, public or private. CERT-RMM enables a structured, repeatable, and integrated method for organizations to plan, assess, manage, and sustain not only preparedness planning efforts (e.g., disaster recovery, business continuity, crisis management) but also other key operational risk management activities, such as information security and Information Technology (IT) operations. In this paper, we share practical and successful applications of CERT-RMM from a wide variety of organizations ranging from the Department of Homeland Security, to the Department of Energy, to the U.S. Postal Service, to industry giants such as Lockheed Martin.