search menu icon-carat-right cmu-wordmark

Introduction to the CERT Resilience Management Model

This two-day course introduces a model-based process improvement approach to managing operational resilience using the CERT® Resilience Management Model (CERT-RMM) v1.2.

CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk. By improving operational resilience processes (such as vulnerability analysis, incident management, and service continuity), an organization can use the model to improve and sustain the resilience of mission-critical assets and services. Because organizations can't plan for every disruption, the maturity model feature of CERT-RMM can be used to measure and improve the consistency and predictability of performance under times of stress. As a process improvement model, CERT-RMM also can be used by organizations to chart a structured improvement path by setting improvement targets, measuring current capabilities, and developing improvement plans-all focused on making mission-critical assets and services more resilient. And CERT-RMM is designed to make more efficient and effective use of domain-specific practices that an organization already uses today rather than replace them.

The course is composed of lectures and class exercises with ample opportunity for participant questions and discussions. After attending the course, participants will understand the fundamental concepts of operational resilience and operational resilience management, have a working knowledge of CERT-RMM process areas, and be able to begin process improvement efforts in their organization. Using CERT-RMM as a guide, participants will also be able to evaluate their current security, business continuity, and IT operations practices and make effective decisions about which practices are working and which need to be replaced.


  • Security and business continuity professionals
  • Process improvement professionals, particularly those looking to extend process improvement approaches into the operations phase of the lifecycle
  • Enterprise and operational risk management professionals
  • Anyone interested in applying a maturity model approach to managing operational resilience


Successful completion of this course will enable participants to

  • Understand the challenges of managing operational resilience
  • Have a working knowledge of key operational resilience, operational risk, and resilience management concepts and their relationships
  • Understand the CERT-RMM model structure and how to use it
  • Apply a process improvement and maturity model approach to managing operational resilience
  • Have a working knowledge of the 26 CERT-RMM process areas
  • Understand how CERT-RMM is used to appraise an organization's capability for managing operational resilience
  • Begin planning for a process improvement effort in their organization


  • Introduction to operational risk, resilience, and resilience management
  • Introduction to model-based process improvement
  • Overview of CERT-RMM model components
  • High-level review of the CERT-RMM process areas
  • Adopting, initiating, and sponsoring a process improvement approach


Participants will receive a downloadable copy of course materials.

  • Course notebook containing the course slides
  • Various supplementary handouts and exercises
  • Copy of Addison-Wesley publication CERT® Resilience Management Model.
  • CD containing the latest version of the CERT-RMM Code of Practice Crosswalk and PDF copies of the course slides and exercises


This course has no prerequisites.

Dates Offered

Register Now

Course Fees [USD]

  • U.S. Industry: $2,500.00
  • U.S. Govt/Academic: $2,000.00
  • International: $3,750.00


This two-day course meets at the following times:

Days 1-2: 8:30 a.m.-4:30 p.m. Eastern Time

This course may be offered by special arrangement at customer sites. For details, please email or telephone at +1 412-268-1817.

Course Questions?

Phone: 412-268-7388

Related Courses

  • Assessing Information Security Risk Using the OCTAVE Approach

    3 - Day Course

    In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method. The OCTAVE Allegro approach provides organizations a comprehensive methodology that focuses on information assets in their operational context. Risks...

    Learn More

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.