The Community Cyber Security

The Community Cyber Security Maturity Model is a coordinated plan that provides communities or local jurisdictions with a framework to identify what is needed to build a cybersecurity program focused on “whole community” preparedness and response to address a cyber incident or attack. Essentially, the CCSMM is a guide that helps communities establish a cybersecurity baseline at the local level. Once established, the baseline can be used to identify cyber-attacks that impact an organization, an entire sector, or cross-sector organizations and agencies in a specific geographic area. It can also be used to communicate with individuals and communities about capabilities and improvement.

The strategies identified in the framework go beyond protecting systems and networks within local government agencies. The CCSMM can help communities identify what needs to be done to build a viable and sustainable cybersecurity program, what is needed to prepare to detect a cyber-attack, how to develop plans to respond during an attack, and what to do after an attack has occurred.

The CCSMM incorporates three critical features:

A Yardstick which can be used to measure the current status of a community’s cybersecurity program and posture

A Roadmap to help a community know what steps are needed to improve their security posture

A Common Point of reference that allows individuals from different communities and states to discuss their individual programs and relate them to each other

The 3-D Model is designed to broaden the capability of the framework, allowing it to be flexible and scalable to address all aspects of a cybersecurity program. Expanding the CCSMM into a 3-dimensional model provides the improvement progression for everyone in the nation.

Additionally, it can integrate other frameworks such as the National Institute of Standards and Technology’s (NIST) Cyber Security Framework (CSF) (NIST, 2018) and the DoD’s CMMC outlining the security controls necessary for an organization. It can also support the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework) (NIST, 2017), which is a resource that categorizes and describes cybersecurity work and the cybersecurity workforce.

For a more in-depth understanding of the different levels and dimensions in the Model, please see below for more information.

Take advantage of a two-hour online course – at no cost – to learn how to use the Community Cyber Security Maturity Model to develop a cybersecurity program!

Students will learn what is required to develop a coordinated, sustained and viable community cybersecurity program, as well as what resources are available to assist in improving awareness, information sharing, policies and plans.

This CIAS course was developed on behalf of FEMA and the National Cybersecurity Preparedness Consortium (NCPC).

The Community Cyber Security Maturity Model

The purpose of the 3-D Community Cyber Security Maturity Model (CCSMM) is to broaden the capability of the framework, allowing it to be flexible and scalable to address all aspects of a cybersecurity program. Expanding the CCSMM into a 3-dimensional model provides the improvement progression for everyone in the nation.

The CCSMM can also integrate other frameworks, such as the National Institute of Standards and Technology’s (NIST) Cyber Security Framework (CSF) and the DoD’s CMMC outlining the security controls necessary for an organization. It can also support the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), which is a resource that categorizes and describes cybersecurity work and the cybersecurity workforce.

The Five Levels of Improvement

Initial

Some processes or programs may be in place, but a community at level 1 does not have all the program elements for a basic program.

Established

A basic program has been established with elements and processes in place for all four dimensions.

Self-Assessed

A minimal viable and sustainable program has been implemented.

Integrated

Cybersecurity is integrated across the community, including all citizens and organizations within the community, and is also working with the state and other communities within the state.

Vanguard

The community is maintaining a fully vigilant cybersecurity posture.

Order the In-Depth Guide!

For an in-depth guide to the CCSMM, you can purchase the book “Establishing Cyber Security Programs Through the Community Cyber Security Maturity Model (CCSMM)”. This academic book is an essential reference source that discusses methods for applying sustainable cybersecurity programs and policies within organizations, governments and other communities.