Capability Maturity Model
Senses
(N)
Method for judging the maturity of software processes in an organization and for identifying crucial practices needed to increase process maturity. [Chris] (Compare: Common Criteria.)
Tutorial: The CMM does not specify security evaluation criteria (see: assurance level), but its use may improve security assurance. The CMM describes principles and practices that can improve software processes in terms of evolving from ad hoc processes to disciplined processes. The CMM has five levels:
- Initial: Software processes are ad hoc or chaotic, and few are well-defined. Success depends on individual effort and heroics.
- Repeatable: Basic project management processes are established to track cost, schedule, and functionality. Necessary process discipline is in place to repeat earlier successes on projects with similar applications.
- Defined: Software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization. Each project uses an approved, tailored version of the organization's standard process for developing and maintaining software.
- Managed: Detailed measures of software process and product quality are collected. Both software process and products are quantitatively understood and controlled.
- Optimizing: Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies.
References
- IETF RFC 4949 (Internet Security Glossary), Jan 06, 2026. RFC 4949 — Internet Security Glossary (Version 2). https://www.rfc-editor.org/rfc/rfc4949.txt. RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse. Source: IETF RFC 4949 (rfc-editor.org).