Governance, Risk Management, and Compliance Professionals

Organizations in industry, government, and academia face increasingly complex business and operational environments. They are constantly bombarded with conditions and events that can introduce stress and uncertainty that may disrupt the effective operation of the organization.

All of these new demands conspire to force organizations to rethink how they perform operational risk management and how they address the resilience of critical business services and processes. The traditional, and typically compartmentalized, disciplines of security, business continuity, and IT operations must be expanded to provide protection and continuity strategies for critical services and supporting assets that are commensurate with these new operating complexities.

The CERT Resilience Management Model seeks to allow organizations to use a process definition as a benchmark for identifying the current level of organizational capability, setting an appropriate and attainable desired target for performance, measuring the gap between current performance and targeted performance, and developing action plans to close the gap. 

CERT-RMM provides a process structure into which an organization’s best practices can be inserted and managed. The organization can then measure the achievement of process goals to verify that implemented practices are providing the expected results. The model

  • provides a process definition, expressed in 26 process areas across four categories: enterprise management, engineering, operations management, and process management
  • focuses on four essential operational assets: people, information, technology, and facilities
  • includes processes and practices that define a scale of four capability levels for each process area: Incomplete, Performed, Managed, and Defined
  • serves as a meta-model that includes references to common codes of practice such as ISO27000, ITIL, CobiT, and others such as BS25999 and ISO24762
  • includes process metrics and measurements that can be used to ensure that operational resilience processes are performing as intended
  • facilitates an objective measurement of capability levels via a structured and repeatable appraisal method.

Resiliency Management Workforce

CERT has defined specific roles to aid in growing and transitioning resiliency management to academic, governmental, and industrial organizations. Each role has a development path that includes education and experiential application in the field to increase application of skills. There are different levels of professionals who are trained to benchmark, apply, implement, appraise, and teach.

Role Definitions:

Registered CERT-RMM Appraisal Team Members
A CERT-RMM appraisal is an examination of one or more process areas by a trained team of employees using a CERT-RMM appraisal reference model as the basis for determining capabilities, strengths, and weaknesses. The results of an appraisal identify the most important issues, problems, or opportunities within the appraisal scope. They include, at a minimum, capabilities, strengths, and weaknesses based on valid observations. Individuals must attend the Introduction to CERT-RMM course to become Registered CERT-RMM Appraisal Team Members.

CERT-RMM Navigator
SEI-Certified CERT-RMM Navigators are trained to guide and manage organizations that are applying the CERT-RMM Compass to determine their operational resilience. The SEI-Certified CERT-RMM Navigator serves as a coordinator between the organization and the SEI on completion of the CERT-RMM Compass and reporting results.

CERT-RMM Coach
An SEI-Certified CERT-RMM Coach is a trained professional who is certified to champion, implement, analyze, manage, contribute, or support CERT-RMM-based improvement efforts in an organization. CERT-RMM Coaches provide a workforce element that will manage a smooth adoption of CERT-RMM concepts to create a sustainable resiliency effort. A CERT-RMM Coach is certified to perform CERT-RMM class B or C appraisals and facilitate the CERT-RMM Compass within an organization.

CERT-RMM Lead Appraiser
SEI-Certified CERT-RMM Lead Appraisers are sponsored by SEI Partners who are licensed to perform organizational benchmarking activities on behalf of the SEI. SEI-Certified CERT-RMM Appraisers can lead all classes (A, B, and C) of appraisals including the CERT-RMM Compass. The CERT-RMM Lead Appraiser is responsible for planning and managing the performance of the entire appraisal effort, delegating appraisal tasks to team members, and ensuring adherence to CAM appraisal requirements. A new pilot program is now open for existing SEI-Certified SCAMPI Lead Appraisers to add CERT-RMM to their appraisal capabilities. Please refer to this overview for more information about the CERT-RMM Lead Appraiser program.

CERT-RMM Instructor
The Software Engineering Institute transitions technologies through several different mechanisms. Key to transition is educating the community.  Through its Professional Development Center and the SEI Partner Network, the SEI is able to provide educational products and services to support this goal.
SEI-Certified CERT-RMM Instructors are highly trained and experienced with the CERT-RMM model and its methodologies. Each has demonstrated advanced competency in the CERT-RMM model, experience with the courseware, and skill in educating adult learners in a classroom environment.

For more information

Need help finding something?  Contact us at:

certification-info@sei.cmu.edu