CMMI (Capability Maturity Model Integration) is a development model
History of CMMI
CMMI was created in 2006 by CMU (Carnegie Mellon University). It is currently administered by the CMMI Institute, a subsidiary of ISACA.
There is also CMM (Capability Maturity Model) created in 1986, but it has been largely supersede by CMMI. The major difference between these two is that CMM focuses on isolated processes, whereas CMMI focuses on the integration among those processes.
Description of CMMI
CMMI is standardized as ISO/IEC 21827. Its latest version as of 2023 is ISO/IEC 21827:2028, under the title “Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®)”.
CMMI establishes 5 maturity stages on processes:
- Initial
- Managed (“repeatable” in CMM)
- Defined
- Quantitatively managed (“managed” in CMM)
- Optimized
CMMI is used in IT risk assessments, to assess the level of implementation of controls, as those defined in ISO/IEC 27001. It is also used on GAP analysis, to identify the current state and the objective state.
CMMI Certifications for Professionals
There are various certification levels for CMMI practitioners issued by CMMI Institute:
https://cmmiinstitute.com/learning/certifications
Other programs related to CMMI
CMMC (Cybersercuty Capability Maturity Model) is a USA DoD (Department of Defense) program that applies to Defense Industrial Base (DIB) contractors. You can find more information about CMMC on this external link.
External References
- CMMI Institute; “CMMI Institute“; ISACA
- ISO: “ISO/IEC 21827:2008“; ISO
- Wikipedia; “Capability Maturity Model Integration“; Wikipedia