Add Compliance for the High-Level SCF: Structure of the Systems Security Engineering Capability Maturity Model v2.0 (SSE-CMM) | Voters

Add Compliance for the High-Level SCF: Structure of the Systems Security Engineering Capability Maturity Model v2.0 (SSE-CMM)

Luke Jones

Add Compliance for the High-Level SCF: Structure of the Systems Security Engineering Capability Maturity Model v2.0 (SSE-CMM)
https://securecontrolsframework.com/free/capability-maturity-model/
C|P-CMM Levels
The C|P-CMM draws upon the high-level structure of the Systems Security Engineering Capability Maturity Model v2.0 (SSE-CMM), since the SCF felt it was the best model to demonstrate varying levels of maturity for people, processes and technology at a control level. If you are unfamiliar with the SSE-CMM, it is well-worth your time to read through the SSE-CMM Overview Document that is hosted by the US Defense Technical Information Center (DTIC).
The six (6) C|P-CMM levels are:
CMM 0 – Not Performed
CMM 1 – Performed Informally
CMM 2 – Planned & Tracked
CMM 3 – Well-Defined
CMM 4 – Quantitatively Controlled
CMM 5 – Continuously Improving

November 20, 2025