Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

The objective of this page is to inventory IAM CMMs, complementary CMMs, or similar models, frameworks, and standards.

A family of InfoSec standards comprising control capabilities (27002) and a CMM.

CMM

Scope

Version

Comments

Key References

CMMI-SVC

General-purpose CMM model for Service Providers

Version 1.3 (2011)

Forrester et al., 2011

CMMI Product Team, 2010

COBIT 5 for Information Security

European Union Agency for Network and Information
Security (ENISA)

ISO/IEC 27000 Family

InfoSec

21827:2008(E) SSE-CMM (Systems Security Engineering - Capability Maturity Model)

InfoSec

2008

Accompanied by the ISO 27k family of information security standards.

ISO and IEC, 2008

ISF Standard of Good Practice for Information Security

IT Capability Maturity Framework - Information Security Management (IT-CMF:ISM)

ITIL

NIST Computer/Cybersecurity Frameworks

Osmanoglu

Workforce IAM

2013

A proper Workforce IAM CMM.

Osmanoglu, 2013

PalsonKennedy and Gopal

Cloud Computing and IAM

2010

Not a real CMM but rather a discussion on Cloud Computing, CMM. and IAM.PalsonKennedy and Gopal, 2010

https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1889108289

Payment Card Industry (PCI) Data Security Standard
(PCI-DSS)

SANS Top 20

Security & Privacy Capability Maturity Model (SP-CMM)

Cybersecurity and Data Privacy

2019.1

Secure Controls Framework

https://www.securecontrolsframework.com/

World Economic Forum Cyber Risk Framework (WEF-CRF)

...