Related CMMs

The objective of this page is to inventory IAM CMMs, complementary CMMs, or similar models, frameworks, and standards.

CMM

Scope

Version

Comments

Key References

CMM

Scope

Version

Comments

Key References

CMMI-SVC

General-purpose CMM model for Service Providers

Version 1.3 (2011)

 

https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1896644633

https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1896972299

COBIT 5 for Information Security

 

 

 

 

European Union Agency for Network and Information
Security (ENISA)

 

 

 

 

ISO/IEC 21827:2008(E) SSE-CMM (Systems Security Engineering - Capability Maturity Model)

InfoSec

2008

Accompanied by the ISO 27k family of information security standards.

https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1905721385

ISF Standard of Good Practice for Information Security

 

 

 

 

IT Capability Maturity Framework - Information Security Management (IT-CMF:ISM)

 

 

 

 

ITIL

 

 

 

 

NIST Computer/Cybersecurity Frameworks

 

 

 

 

Osmanoglu

Workforce IAM

2013

A proper Workforce IAM CMM.

PalsonKennedy and Gopal

Cloud Computing and IAM

2010

Not a real CMM but rather a discussion on Cloud Computing, CMM. and IAM.

Payment Card Industry (PCI) Data Security Standard
(PCI-DSS)

 

 

 

 

SANS Top 20

 

 

 

 

Security & Privacy Capability Maturity Model (SP-CMM)

Cybersecurity and Data Privacy

2019.1

 

 

Secure Controls Framework

 

 

 

World Economic Forum Cyber Risk Framework (WEF-CRF)

 

 

 

 

 


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.