CR-CMM Toolkit v1.1
Latest full assessment workbook (Version 1.1, March 2026) with 151 questions, prioritization, regulatory mapping, and product mapping.
XLSX1.3 MB
Resource library
Unlock the workbook, or start with the quick scan.
The XLSX workbook is the core CR-CMM product. If you want a lighter first step, take the 5 minute assessment first, then come back here to unlock the workbook and supporting resources.
Quick access
Start with the core next steps.
All ResourcesFramework DocsAssessment ToolsImplementation GuidesTemplatesStandards & ComplianceTraining Materials
Featured resources
Unlock the workbook when you are ready, use the quick assessment as the lighter first pass, and keep governance material open for public review.
5 Minute Quick Assessment
Take the lighter online version when you want a fast taste first before going deeper in the workbook.
Start assessmentAdvisory Board & governance notes
Review the CR-CMM Advisory Board, stewardship model, and published governance meeting summaries.
View advisory boardThe CR-CMM serves as a powerful tool for organizations seeking to strengthen their cyber resilience posture. By applying it regularly — bi-annually or annually — companies can evaluate and benchmark their current maturity against an established baseline, gaining a clear picture of where they stand.
Beyond measurement, the model guides investment and informs strategic initiatives, helping decision-makers prioritize resources where they matter most. It creates a common language for talking about cyber resilience — bridging technical teams, business processes, and executive priorities.
This unified framework encourages collaboration across functions that often work in silos: cybersecurity, business continuity, IT operations, and risk management.
Meet the Advisory Board.
The Advisory Board helps guide the technical integrity, interpretation, and responsible evolution of CR-CMM. Advisory Board membership does not by itself transfer ownership or authorize official public representation, partnerships, or commercialization under the CR-CMM brand without approval. Any change request is then periodically reviewed and triaged by the Advisory Board and meeting notes are posted on this website for transparency.
Secure Control Framework (SCF)
A key mapped framework because SCF cross-references broad regulatory obligations, extending CR-CMM mapping coverage across major requirements.
Secure Controls Framework
VisitCyber Resilience Manifesto
Initiative introducing the CR-CMM to help organizations measure, benchmark, and improve resilience across ten domains
Cyber Resilience Manifesto
VisitNIST SP 800-160 Vol 2
Developing Cyber-Resilient Systems: a systems security engineering approach.
NIST
VisitISO/IEC 27031
Information and communication technology readiness for business continuity guidelines.
ISO
VisitMITRE CREF Navigator
Cyber Resiliency Engineering Framework visualization tool for customizing cyber resiliency goals and techniques
MITRE
VisitISSA Cyber Resilience SIG
A community focused on disseminating best practices for cyber resilience strategies.
ISSA
VisitOfficial meeting summaries & decisions.
Official summaries, decisions, and action items from CR-CMM Advisory Board meetings guiding the evolution of the model.
Download the full assessment workbook.
The XLSX toolkit is the core CR-CMM product. If you want a lighter first step, take the 5 minute assessment to spot the main gaps first, then deep dive in Excel or ask our experts to help facilitate it.