Appendix C - CMM Mappings

MITRE INFORM is one of many Capability Maturity Models and programs. So which is the best for you? INFORM should be used at a higher level for an entire security program. Individual departments should then complete assessments related to their specific field. We have gone ahead and mapped our components to components of other CMMs for your ease of use.

| MITRE INFORM Dimension | MITRE INFORM Component | CTI CMM | SOC CMM | Red Team CMM | CTEM |
| --- | --- | --- | --- | --- | --- |
| Cyber Threat Intelligence | Depth of Threat Intelligence | Threat | | | Prioritization |
| | Relevance of Threat Intelligence | Risk | | | Prioritization |
| | Operational Integration of Threat Intelligence | Access, Risk | | | Scoping, Prioritization, Validation, Mobilization |
| | Incorporation of CTI | Asset, Situation, Response | | | Prioritization |
| | Recency of CTI | Asset, Situation, Response | | | Prioritization |
| | Speed of CTI Dissemination | Asset, Situation, Response | | | Prioritization |
| | CTI Driven Decision Making | Asset, Situation, Response | | | Prioritization |
| Defensive Measures | Data Collection | | T.1 (SIEM/UEBA), T.2 (NDR), T.3 (EDR), T.4 (SOAR), S.7 (Log Management) | | |
| | Risk Assessments | | B.4 (Governance), S.6 (Vulnerability Management) | | Scoping, Discovery, Prioritization |
| | Attack Surface Scoping | | S.7 (Log Management), T.3 (EDR), Pr.2 (Operations and Facilities), T.1 (SIEM/UEBA), T.2 (NDR) | | Scoping, Discovery, Prioritization |
| | Detection Rules | | Pr.5 (Detection Engineering & Validation) | | Validation, Mobilization |
| | Detection Rule Metadata | | T.1 (SIEM/UEBA), T.2 (NDR), T.3 (EDR), Pr.4 (Use Case Management), S.7 (Log Management) | | Mobilization |
| | Propagation between CTI and Detections | | S.1 (Security Monitoring), S.4 (Threat Intelligence) | | Mobilization |
| | Incident Response | | S.2 (Security Incident Management) | | Mobilization |
| | Incident Recovery and Forensics | | S.2 (Security Incident Management) | | Mobilization |
| | Threat Hunting | | S.5 (Threat Hunting) | | Validation |
| | Deception | | T.3 (EDR) | | |
| Test & Evaluation | Test Focus | | | Operational Planning and Selection, Work Management, Program Strategy | Validation |
| | Test Planning | | | Operational Planning and Selection, Work Management, Program Strategy | Validation |
| | Test Relevance | | | Operational Planning and Selection, Work Management, Program Strategy, Knowledge Sharing, Metrics | Validation |
| | Test Triggers | | | Process Continuous Improvement, Operational Approvals, Operational Planning and Selection | Validation |
| | Test Results | | | Program Knowledge Sharing, People Various Relationships, Operation Reporting | Mobilization |

More information on these maturity models and programs can be found at the links below: