CMMI model in version 2.2 - Security and Protection

CMMI Version 2.2

Business awareness of the need to invest in proactive security measures has increased, but many organizations continue to delay implementing solid protection initiatives because their teams lack resources and skilled professionals. This continues to leave companies vulnerable to cyber threats. To get around it, organizations must take proactive steps to deliver secure products within their cost, schedule, and quality goals.

ISACA's new CMMI model is one of the best-practice solutions for globally defining the fundamental security and protection strategies, approaches, activities and functions to defend an organization's entire ecosystem, including people, resources and information.

The introduction of the CMMI Model for Security and Protection (MSS) brought a new Capacity Area (CA) called Security and Protection Management (MSS). The objective is not to deliver specific solutions or protection products for companies, but to offer continuous security focused on the needs of each business, because maintaining an in-house security department is sometimes difficult for a company. MSS will offer companies the opportunity to achieve greater information security in their organizations without needing to increase their areas of expertise or their staff.

What are the new areas of action in CMMI?

Enabling Safety (ESAF) identifies and addresses safety in all aspects of the organization's environment and solution, including products, processes, services or environments. This module facilitates the management of security activities.

Enabling Security (ESEC) includes performing security activities that produce secure solutions, which involve systematically identifying, evaluating, and addressing the security needs of a project or organization.

Managing Security Threats and Vulnerabilities (MST) includes a detailed approach to addressing security threats and vulnerabilities for an organization or project.


