SOC-CMM certification helps SOCs to verify and show that their SOC service are of high quality and standards. The certification process uses a set of controls, derived from the SOC-CMM assessment. Using these controls, a SOC can pursue certification at one of 3 levels
- defined, where security operations are conducted in a standardised and controlled manner
- validated, where SOCs are running services that are evaluated for efficiency and effectiveness regarding detection of cyber attacks
- risk-driven, where SOCs are able to provide services that are based on actual CTI and address company risk
Certification services are delivered by authorised certification partners.
Currently, SOC certification is in a pilot stage. If you wish to be kept up to date of the progress of the pilot, subscribe to the SOC-CMM mailing list