search menu icon-carat-right cmu-wordmark

CERT Resilience Management Model, Version 1.0

May 2010 Technical Report
Richard A. Caralli, Julia H. Allen, Pamela D. Curtis, David W. White, Lisa R. Young

In this report, the authors present CERT-RMM, an approach to managing operational resilience in complex, risk-evolving environments.


Software Engineering Institute

CMU/SEI Report Number


DOI (Digital Object Identifier):


Organizations in every sector—industry, government, and academia—are facing increasingly complex operational environments and dynamic risk environments. These demands conspire to force organizations to rethink how they manage operational risk and the resilience of critical business processes and services.  

The CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to approach the challenge of managing operational resilience in complex, risk-evolving environments. It is the result of years of research into the ways that organizations manage the security and survivability of the assets that ensure mission success. It incorporates concepts from an established process improvement community to allow organizations to holistically mature their security, business continuity, and IT operations management capabilities and improve predictability and success in sustaining operations whenever disruption occurs.

This report describes the model’s key concepts, components, and process area relationships and provides guidance for applying the model to meet process improvement and other objectives. One process area is included in its entirety; the others are presented in outline form. All of the CERT-RMM process areas are available for download at