search menu icon-carat-right cmu-wordmark

CERT Resilience Management Model (CERT-RMM) Collection

CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience.

Publisher:

Software Engineering Institute

The CERT Resilience Management Model (CERT-RMM) is the foundation for a process improvement approach to operational resilience management. It defines the essential organizational practices that are necessary to manage operational resilience. You can use CERT-RMM to determine your organization's capability to manage resilience, set goals and targets, and develop plans to close identified gaps. By using a process view, CERT-RMM can help your organization respond to stress with mature and predictable performance.

CERT Resilience Management Model (CERT-RMM) Version 1.2

February 2016

CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience.

CERT-RMM Version 1.2 Release Notes

February 2016

This document contains the relerase notes for CERT-RMM Version 1.2, released February 2014.

Asset Definition and Management (ADM) CERT-RMM Process Area

February 2016

This process area is about identifying, documenting, and managing organizational assets to ensure sustained productivity supporting organizational services.

Access Management (AM) CERT-RMM Process Area

February 2016

The purpose of Access Management is to ensure that access granted to organizational assets is commensurate with their business and resilience requirements.

Communications (COMM) CERT-RMM Process Area

February 2016

This process area is about developing, delivering, and managing communications to support resilience activities and processes.

Compliance (COMP) CERT-RMM Process Area

February 2016

This process area is about ensuring awareness of and compliance with guidelines, standards, practices, policies, regulations, and legislation, and other obligations.

Controls Management (CTRL) CERT-RMM Process Area

February 2016

This process area is about establishing, monitoring, analyzing, and managing an internal control system to ensure effective and efficient operations.

Environmental Control (EC) CERT-RMM Process Area

February 2016

This process area is about establishing and managing physical, environmental, and geographical controls to support the operations of services.

Enterprise Focus (EF) CERT-RMM Process Area

February 2016

This process area is about establishing sponsorship, strategic planning, and governance over the operational resilience management system.

External Dependencies Management (EXD) CERT-RMM Process Area

February 2016

This process area is about establishing and managing controls to ensure the resilience of services and assets that are dependent on external entities.

Financial Resource Management (FRM) CERT-RMM Process Area

February 2016

This process area is about requesting, receiving, managing, and applying financial resources for resilience objectives and requirements.

Human Resource Management (HRM) CERT-RMM Process Area

February 2016

This process area is about managing the employment lifecycle and performance of staff to support operational resilience.

Identity Management (ID) CERT-RMM Process Area

February 2016

This process area is about creating, maintaining, and deactivating identities that may need trusted access to organizational assets.

Incident Management and Control (IMC) CERT-RMM Process Area

February 2016

This process area is about establishing processes to identify and analyze events, detect incidents, and determine an organizational response.

Knowledge and Information Management (KIM) CERT-RMM Process Area

February 2016

This process area is about establishing and managing controls to support the confidentiality, integrity, and availability of information.

Measurement and Analysis (MA) CERT-RMM Process Area

February 2016

This process area is about developing and sustaining a measurement capability used to support management information needs.

Monitoring (MON) CERT-RMM Process Area

February 2016

This process area is about collecting, recording, and distributing information about the operational resilience management system.

Organizational Process Definition (OPD) CERT-RMM Process Area

February 2016

This process area is about establishing and maintaining organizational process assets and work environment standards for operational resilience.

Organizational Process Focus (OPF) CERT-RMM Process Area

February 2016

This process area is about planning, implementing, and deploying process improvements based on the organization's current strengths and weaknesses.

Organizational Training and Awareness (OTA) CERT-RMM Process Area

February 2016

This process area is about promoting awareness in and developing skills and knowledge of people.

People Management (PM) CERT-RMM Process Area

February 2016

This process area is about establishing and managing the contributions and availability of people.

Risk Management (RISK) CERT-RMM Process Area

February 2016

This process area is about identifying, analyzing, and responding to risks to assets that could adversely affect the organization's services.

Resilience Requirements Development (RRD) CERT-RMM Process Area

February 2016

This process area is about identifying, documenting, and analyzing operational resilience requirements.

Resilience Requirements Management (RRM) CERT-RMM Process Area

February 2016

This process area is about managing the resilience requirements of high-value services and associated assets and identifying inconsistencies.

Resilient Technical Solution Engineering (RTSE) CERT-RMM Process Area

February 2016

This process area is about ensuring that software and systems are developed to satisfy their resilience requirements.

Service Continuity (SC) CERT-RMM Process Area

February 2016

This process area is about ensuring the continuity of essential operations of services and their associated assets if a disruption occurs.

Technology Management (TM) CERT-RMM Process Area

February 2016

This process area is about establishing and managing controls related to the integrity and availability of technology assets.

Vulnerability Analysis and Resolution (VAR) CERT-RMM Process Area

February 2016

This process area is about identifying, analyzing, and managing vulnerabilities in an organization's operating environment.

CERT-RMM Generic Goals and Practices

February 2016

This document describes the CERT-RMM generic goals and practices.

CERT-RMM Acronyms and Initialisms

February 2016

This document defines the acronyms and initialisms used in CERT-RMM, Version 1.2.

CERT-RMM Glossary of Terms

February 2016

This document contains a glossary of terms for the CERT Resilience Management Model, Version 1.2.