July 6, 2009—CERT has begun releasing individual process areas of the CERT Resiliency Management Model, v1.0, a capability model for operational resiliency management.

The model has two primary objectives: to enable the convergence of operational risk and resiliency management activities such as security, business continuity, and aspects of IT operations management, and to apply a process improvement approach to operational resiliency management through the definition and application of a capability level scale.

The model doesn’t replace an organization’s best practices—it provides a process structure into which those practices can be inserted and managed. The organization can measure the achievement of process goals to validate that its practices are producing and sustaining the intended results.

Three process areas, Asset Definition and Management, Access Management, and Communications, along with the model’s Generic Goals and Practices (which define the model’s process maturity dimension), are now available for download. Other process areas will be posted over the next few weeks.