Governance & stewardship

CR-CMM Advisory Board.

CR-CMM is the community-driven cyber resilience capability maturity model, guided by an Advisory Board for technical integrity and strategic input. CR-CMM is sponsored and owned by High Value Target, a boutique cyber resilience firm.

View resources Start assessment

Practice
Leads

Meeting notes posted

Change request routes

Anyone from the community can submit change requests to the CR-CMM team via email, to Advisory Board members, or via LinkedIn. Meeting notes are posted on this website for transparency.

The role of the CR-CMM Advisory Board

Technical integrity, interpretation, and responsible evolution.

The Advisory Board helps guide the technical integrity, interpretation, and responsible evolution of CR-CMM. Advisory Board membership does not by itself transfer ownership or authorize official public representation, partnerships, or commercialization under the CR-CMM brand without approval. Any change request is then periodically reviewed and triaged by the Advisory Board and meeting notes are posted on this website for transparency.

Community governance

CR-CMM is the community-driven cyber resilience capability maturity model, guided by an Advisory Board for technical integrity and strategic input. Anyone from the community, especially from prominent cyber resilience subject-matter expert groups, can submit change requests to the CR-CMM team via email, to its Advisory Board members or via its LinkedIn page. Any change request is then periodically reviewed and triaged by the Advisory Board. CR-CMM is sponsored and owned by High Value Target, a boutique cyber resilience firm.

CR-CMM is made available for community benefit under its published licensing terms. High Value Target retains ownership, sponsorship, and control of official branding, external positioning, and approved commercial use.

Current board

Practice-aligned advisors.

The Advisory Board brings together domain expertise across the ten CR-CMM practices to help review interpretation, change requests, and the ongoing evolution of the model.

Practice	Advisor	Organization
Criticality Analysis	Heath Renfrow	Fenix24
Situational Awareness	Rob van Os	SOC-CMM
Threat-Informed Defense	Mehdi Azaouioui	Limber Security
Defensible Architecture	Perry Young	AiSP CISO SIG
Crisis Management	Mark Orsi, Alex Sharpe	GRF
Scenario Simulation	Patrick Lechner	Resion
Contingency Testing	Itay Mesholam	ISSA Cyber Resilience SIG
System Testing	Dr. Mark Winstead	MITRE
Security Testing	Piotr Borkowski	CyberArms
Cyber Recovery	Carlos Recalde	Sheltered Harbor

Submit a change request

Route feedback through the official channels.

Community members, especially cyber resilience subject-matter expert groups, can submit change requests to the CR-CMM team via email, directly to Advisory Board members, or through LinkedIn.

contact@cr-cmm.org LinkedIn

Meeting notes