Development and Evolution of the CMM

In 2014, the GCSCC undertook a global collaborative exercise to develop the first iteration of the Cybersecurity Capacity Maturity Model for Nations (CMM), working alongside over 200 experts from academia, international and regional organisations and the private sector. The goal was to extract and synthesise the community’s knowledge, identifying the most important factors for a nation’s cybersecurity capacity and the steps necessary for the nation to reach successive levels of maturity. This process was seeded with an open vision that at least five Dimensions of maturity should be considered. These Dimensions and the factors that constitute them were subsequently refined using thematic-coding analysis, focus-group data and the results of a broad survey of literature.

In 2015, the structure of the CMM was complemented with a deployment methodology and the subsequent piloting of the CMM in six countries across the world. The results gathered from this initial phase of deployment served to revise the first iteration of the model, which also enjoyed support and input from the Capacity Centre’s Technical Board and Expert Advisory Panel. The discussions refined existing factors, identified new factors and culminated in the publication of a revised version of the CMM in February 2017.

In late 2019, the CMM went through a further thorough revision, which involved an extensive consultation process with many of the experts, partners and the Technical Board who were involved in its first development, plus additional stakeholders from academia, civil society, business and international organisations. As a result of this effort, the GCSCC was able to identify key areas where the CMM could be updated to meet the demands of a rapidly changing cybersecurity environment. The latest revision of the CMM is planned for publication in the second half of 2020.