The objective of this page is to inventory IAM CMMs, complementary CMMs, or similar models and standards.
CMM | Scope | Version | Comments | Key References |
---|---|---|---|---|
CMMI-SVC | General-purpose CMM model for Service Providers | Version 1.3 (2011) | ||
COBIT 5 for Information Security | ||||
European Union Agency for Network and Information | ||||
ISO/IEC 27000 Family | InfoSec | A family of InfoSec standards comprising control capabilities (27002) and a CMM. | ||
ISF Standard of Good Practice for Information Security | ||||
IT Capability Maturity Framework - Information Security Management (IT-CMF:ISM) | ||||
ITIL | ||||
NIST Computer/Cybersecurity Frameworks | ||||
Osmanoglu | Workforce IAM | 2013 | A proper Workforce IAM CMM. | |
PalsonKennedy and Gopal | Cloud Computing and IAM | 2010 | Not a real CMM but rather a discussion on Cloud Computing, CMM. and IAM. | |
Payment Card Industry (PCI) Data Security Standard | ||||
SANS Top 20 | ||||
World Economic Forum Cyber Risk Framework (WEF-CRF) |