The Community Cyber Security Maturity Model is a coordinated plan that provides communities or local jurisdictions with a framework to identify what is needed to build a cybersecurity program focused on “whole community” preparedness and response to address a cyber incident or attack. Essentially, the CCSMM is a guide that helps communities establish a cybersecurity baseline at the local level. Once established, the baseline can be used to identify cyber-attacks that impact an organization, an entire sector, or cross-sector organizations and agencies in a specific geographic area. It can also be used to communicate with individuals and communities about capabilities and improvement.
The strategies identified in the framework go beyond protecting systems and networks within local government agencies. The CCSMM can help communities identify what needs to be done to build a viable and sustainable cybersecurity program, what is needed to prepare to detect a cyber-attack, how to develop plans to respond during an attack, and what to do after an attack has occurred.
The CCSMM incorporates three critical features:
- A yardstick that can be used to measure the current status of a community’s cybersecurity program and posture,
- A roadmap to help a community know what steps are needed to improve its security posture, and
- A common point of reference that allows individuals from different communities and states to discuss their individual programs and relate them to each other.
The 3-D Model is designed to broaden the capability of the framework, allowing it to be flexible and scalable to address all aspects of a cybersecurity program. Expanding the CCSMM into a 3-dimensional model provides the improvement progression for everyone in the nation.
Additionally, it can integrate other frameworks such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) (NIST, 2018) and the DoD’s CMMC outlining the security controls necessary for an organization. It can also support the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework) (NIST, 2017), which is a resource that categorizes and describes cybersecurity work and the cybersecurity workforce.
For a more in-depth understanding of the different levels and dimensions in the Model, see below.