March 25, 2008
CERT has just released the long-awaited CERT® Resiliency Engineering Framework. To quote from the description on the CERT website, "The framework is the foundation for a process improvement approach to security and business continuity. It establishes an organization's resiliency engineering process: a collection of essential capabilities that an organization performs to ensure that its important assets-people, information, technology, and facilities-stay productive in supporting business processes and services."
While not part of the Software Engineering Institute's official Capability Maturity Model® Integration (CMMI), the CERT Resiliency Engineering Framework presents a maturity framework that integrates the managing of people, process, and technology to achieve operational resiliency—the integration of security and business continuity planning into a process model that can be actively managed and continuously improved.
The preview version of the framework is available now for download from the CERT website.