Related CMMs

The objective of this page is to inventory IAM CMMs, complementary CMMs, or similar models, frameworks, and standards.

CMM

Scope

Version

Comments

Key References

CMM

Scope

Version

Comments

Key References

CMMI-SVC

General-purpose CMM model for Service Providers

Version 1.3 (2011)

 

Forrester et al., 2011

CMMI Product Team, 2010

COBIT 5 for Information Security

 

 

 

 

European Union Agency for Network and Information
Security (ENISA)

 

 

 

 

ISO/IEC 21827:2008(E) SSE-CMM (Systems Security Engineering - Capability Maturity Model)

InfoSec

2008

Accompanied by the ISO 27k family of information security standards.

ISO and IEC, 2008

ISF Standard of Good Practice for Information Security

 

 

 

 

IT Capability Maturity Framework - Information Security Management (IT-CMF:ISM)

 

 

 

 

ITIL

 

 

 

 

NIST Computer/Cybersecurity Frameworks

 

 

 

 

Osmanoglu

Workforce IAM

2013

A proper Workforce IAM CMM.

Osmanoglu, 2013

PalsonKennedy and Gopal

Cloud Computing and IAM

2010

Not a real CMM but rather a discussion on Cloud Computing, CMM. and IAM.

PalsonKennedy and Gopal, 2010

Payment Card Industry (PCI) Data Security Standard
(PCI-DSS)

 

 

 

 

SANS Top 20

 

 

 

 

Security & Privacy Capability Maturity Model (SP-CMM)

Cybersecurity and Data Privacy

2019.1

 

 

Secure Controls Framework

 

 

 

Secure Controls Framework

World Economic Forum Cyber Risk Framework (WEF-CRF)

 

 

 

 

 


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.