The Community Cyber Security Maturity Model is a coordinated plan that provides communities or local jurisdictions with a framework to identify what is needed to build a cybersecurity program focused on “whole community” preparedness and response to address a cyber incident or attack. Essentially, the CCSMM is a guide that helps communities establish a cybersecurity baseline at the local level. Once established, the baseline can be used to identify cyber-attacks that impact an organization, an entire sector, or cross-sector organizations and agencies in a specific geographic area. It can also be used to communicate with individuals and communities about capabilities and improvement.
The strategies identified in the framework go beyond protecting systems and networks within local government agencies. The CCSMM can assist communities to identify what needs to be done in building a viable and sustainable cybersecurity program, what is needed to prepare to detect a cyber-attack, develop plans to respond during an attack, and determine what to do after an attack has occurred.
The CCSMM incorporates three critical features:
A Yardstick - which can be used to measure the current status of a community’s cybersecurity program and posture
A Roadmap - to help a community know what steps are needed to improve their security posture
A Common Point - of reference that allows individuals from different communities and states to discuss their individual programs and relate them to each other
The 3-D Model is designed to broaden the capability of the framework allowing it to be flexible and scalable to address all aspects of a cybersecurity program. Expanding the CCSMM into a 3-dimensional model provides the improvement progression for everyone in the nation.