SOC-CMM & SOC-CMM for CERT
Publication date: 2022
Author: Rob van Os
The SOC-CMM is a capability maturity model that can be used to perform a self-assessment of your Security Operations Center (SOC). The model is based on a review of literature on SOC setup and existing SOC models, as well as literature on specific elements within a SOC. The literature analysis was then validated by questioning several Security Operations Centers in different sectors and at different maturity levels to determine which elements were actually in place. The output from the survey, combined with the initial analysis, is the basis for this self-assessment.
The SOC-CMM for CERT is a version of the SOC-CMM that is meant for the capability maturity assessment of CERT teams rather than a SOC. The need for such an assessment tool was established after contact with FIRST.ORG. The tool itself has been derived from the SOC-CMM but has been scoped specifically for incident response teams. Elements from other SOC services that can be part of CERT tasks were transferred to the security incident management service, and additional elements were introduced that are specific to CERT teams.