Capability Maturity Model Integration

CMMI (Capability Maturity Model Integration) is a development model.

It may be referred as SW-CMM.

History of CMMI

CMMI was created in 2006 by CMU (Carnegie Mellon University). It is currently administered by the CMMI Institute, a subsidiary of ISACA.

There is also CMM (Capability Maturity Model) created in 1986, but it has been largely supersede by CMMI. The major difference between these two is that CMM focuses on isolated processes, whereas CMMI focuses on the integration among those processes.

CMM could also be referred as SCMM or SW-CMM, from software CCM.

Description of CMMI

CMMI is standardized as ISO/IEC 21827. Its latest version as of 2023 is ISO/IEC 21827:2028, under the title “Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®)”.

CMMI establishes 5 maturity stages on processes:

  1. Initial
  2. Managed (“repeatable” in CMM)
  3. Defined
  4. Quantitatively managed (“managed” in CMM)
  5. Optimized

CMMI is used in IT risk assessments, to assess the level of implementation of controls, as those defined in ISO/IEC 27001. It is also used on GAP analysis, to identify the current state and the objective state.

CMMI Certifications for Professionals

There are various certification levels for CMMI practitioners issued by CMMI Institute:

Other programs related to CMMI

CMMC (Cybersercuty Capability Maturity Model) is a USA DoD (Department of Defense) program that applies to Defense Industrial Base (DIB) contractors. You can find more information about CMMC on this external link.

You might also be interested in…

External References

Leave a Reply

Your email address will not be published. Required fields are marked *