SOC-CMM forum
SOC-CMM v2.2 (beta release) - Printable Version

SOC-CMM v2.2 (beta release) - robvanos - 10-01-2021

It’s been 5 years since the initial release of the SOC-CMM. In the past 5 years, the SOC-CMM has evolved from a thesis project to a fully featured self-assessment for Security Operations Centers. The SOC-CMM has found its way into SOCs all around the world, helping security teams mature and professionalize their security operations globally.
Today, I’m happy to announce a new beta release of the SOC-CMM. This release features many enhancements that were introduced in the SOC-CMM4CERT. New elements have also been introduced, mainly in the process domain. With these additions, the SOC-CMM now features Mitre ATT&CK, visibility, detection engineering, adversary emulation and automated defence testing. There are still many more improvements and changes that I initially envisioned for this version, but development takes a lot of time and effort.
If you come across any issues, please let me know, preferably through a reply to the post. I’m planning to finalise the product based on your feedback for an official release by the end of this year.

RE: SOC-CMM v2.2 (beta release) - robvanos - 10-12-2021

Change notes (as compared to version 2.1):

Business domain:
- Governance:
  - question 4.10 added (external SOC cooperation)
- Privacy & Policy:
  - questions 5.1, 5.2 and 5.3 added (security policy)
  - question 5.4: additional NIST mapping applied

People domain:
- Employees:
  - questions 1.9 and 1.10 added (KSAOs)
- People Management:
  - questions 3.5 and 3.6 added, renumbering applied (team goals and tracking of goals)
  - questions 3.13 and 3.14 added (multi-team systems and team performance)
- Knowledge management:
  - question 4.4.1 added, renumbering applied (employee abilities)

Process domain:
- Operations and facilities:
  - question 2.1.6 added (OPSEC program)
  - questions 2.3.2, 2.3.5, 2.3.9 added, renumbering applied (war room, physical storage, remote working)
  - question 2.4.2 added, renumbering applied (vigilance)
- Reporting:
  - question 3.8.6 added (proactive & reactive metrics)
  - questions 3.10.1 and 3.10.2 added (education & awareness)
- Use case management:
  - question 4.1.9 (testing use cases) moved to detection engineering, renumbering applied
  - section 4.2 added (Mitre ATT&CK)
  - section 4.3 added (visibility)
- Detection Engineering & Validation:
  - completely new section

Technology domain:
- Maintenance and support removed from capabilities, and moved to maturity (section x.4), renumbering applied. Applies to all technologies

Services domain:
- Threat Intelligence
  - question 4.14.25 added, renumbering applied (threat landscaping)
  - question 4.14.31 added (CTI infrastructure management)

Backend improvements:
- calculations improved and simplified
- Index updated from percentage completed to remaining questions
- generic guidance applied for all capabilities (technology & services domain)
- guidance added for new questions

Bug fixes & typos:
- Typos fixed where found
- conditional formatting error fixed

License updated:
- CC BY-SA instead of GPLv3