A Technical History of the SEI
ihQTwP
ihQTwP
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
neering CMM [<strong>SEI</strong> 1995] to describe <strong>the</strong> essential elements <strong>of</strong> an organization’s systems engineering<br />
process, and <strong>the</strong> CERT Resilience Management Model for managing operational resilience<br />
[Caralli 2010].<br />
The People CMM<br />
The People CMM employs <strong>the</strong> same Process Maturity Framework <strong>of</strong> <strong>the</strong> SW-CMM to support <strong>the</strong><br />
foundation <strong>of</strong> best practices for managing and developing an organization’s workforce. Based on<br />
<strong>the</strong> best practices in fields such as human resources, knowledge management, and organizational<br />
development, <strong>the</strong> People CMM guides organizations in improving <strong>the</strong>ir processes for managing<br />
and developing <strong>the</strong>ir workforce. The People CMM helps organizations characterize <strong>the</strong> maturity<br />
<strong>of</strong> <strong>the</strong>ir workforce practices, establish a program <strong>of</strong> continuous workforce development, set priorities<br />
for improvement actions, integrate workforce development with process improvement, and<br />
establish a culture <strong>of</strong> excellence.<br />
The Systems Engineering CMM (SE-CMM)<br />
The SE-CMM describes <strong>the</strong> essential elements that must exist to ensure good systems engineering<br />
and provides a reference for comparing actual systems engineering practices against <strong>the</strong>m. Good<br />
systems engineering is <strong>the</strong> key to success in market-driven and contractually negotiated market<br />
areas, and <strong>the</strong> SE-CMM provides a way to measure and enhance performance in that arena. It was<br />
designed to help organizations improve through self-assessment and guidance in <strong>the</strong> application<br />
<strong>of</strong> statistical process control principles. In conjunction with <strong>the</strong> model itself, a companion appraisal<br />
method exists, <strong>the</strong> SE-CMM Appraisal Method, for benchmarking <strong>the</strong> process capability<br />
<strong>of</strong> an organization’s or enterprise’s systems engineering function.<br />
The CERT Resilience Management Model<br />
In <strong>the</strong> late 1990s, <strong>the</strong> DoD faced a set <strong>of</strong> problems shared with organizations in every sector—<br />
U.S. federal government agencies, defense and commercial industry, and academia—arising from<br />
increasingly complex business and operational environments. These problems involved stress related<br />
to operational resilience, that is, <strong>the</strong> ability <strong>of</strong> an organization to achieve its mission even under<br />
degraded circumstances. The traditional disciplines <strong>of</strong> security, operational continuity, and information<br />
technology operations needed to be expanded to provide protection and continuity<br />
strategies for high-value services and supporting assets commensurate with <strong>the</strong>se new operating<br />
complexities. The <strong>SEI</strong> recognized that <strong>the</strong> best practices <strong>of</strong> such organizational challenges could<br />
best be managed with a capability maturity model. Over <strong>the</strong> ensuing 10 years, <strong>the</strong> <strong>SEI</strong> engaged<br />
<strong>the</strong> relevant communities in evolving such a model, reflecting <strong>the</strong> best practices <strong>of</strong> such diverse<br />
organizations as <strong>the</strong> DoD, defense industry, commercial industries, and financial services, to<br />
evolve a maturity model that embodied best practices. This work culminated in <strong>the</strong> CERT Resilience<br />
Management Model that was released in 2010. It has been applied successfully to a wide<br />
range <strong>of</strong> problems, including assessing <strong>the</strong> capability <strong>of</strong> U.S. IT-based critical infrastructures to be<br />
resilient in <strong>the</strong> presence <strong>of</strong> an attack and building an incident management capability in developing<br />
nations.<br />
CMU/<strong>SEI</strong>-2016-SR-027 | SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 103<br />
Distribution Statement A: Approved for Public Release; Distribution is Unlimited.