Cybersecurity Capability Maturity Model for Information Technology Services (C2M2 for IT Services), Version 1.0

Curtis, Pamela; Mehravari, Nader; Stevens, James

Cybersecurity Capability Maturity Model for Information Technology Services (C2M2 for IT Services), Version 1.0

Active / Technical Report | Accession Number: AD1026943 |

Open PDF

Abstract:

Cyber threats are one of the most serious and challenging types of operational risk facing modern organizations. The national and eco-nomic security of the United States depends on the reliable functioning of the information technology services that serve the Nations critical infrastructure in the face of such threats. Beyond critical infrastructure, the economic vitality of the Nation depends on the sustained operation of the enterprise information technology IT services of organizations of all types. This report describes the Cybersecurity Capability Maturity Model for Information Technology Services C2M2 for IT Services, which helps IT service delivery organizations of all sectors, types, and sizes evaluate make improvements to their cybersecurity programs.

Author(s):

Curtis, Pamela ; Mehravari, Nader ; Stevens, James

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Descriptive Note:

Technical Report

Pagination:

0064

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

CMU/SEI-2015-TR-009

Contract/Grant Number(s):

FA8721-05-C-0003

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_7_Protection; JCA_6.4.1_Secure Information Exchange; JCA_6_Net Centric; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_6.4.3_Respond to Attack Event; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_4.2_Supply; JCA_4.2.2_Inventory Management; JCA_5.2_Understand; JCA_5.3.3_Develop Strategy; JCA_4.7.2_Installation Services

Communities of Interest:

Cyber

Descriptor(s):

computer security, software development, computer security techniques, network architecture, computing system architectures, cyberattacks, information exchange, vulnerability, risk analysis, program management, configuration management

Field(s)/Group(s):

Computer Systems

Keyword(s):

Cyber threats, C2M2 for IT Services, information technology services cybersecurity capability maturity model

Report Date:

2015 Apr 01

Creation Date:

2017 Jul 10