Skip to content

BCHarrell/redteamcmm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
Example_Implementations
Example_Implementations
 
 
old_versions
old_versions
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
RedTeam_CMM_V2.csv
RedTeam_CMM_V2.csv
 
 
RedTeam_CMM_V2.xlsx
RedTeam_CMM_V2.xlsx
 
 

Repository files navigation

Red Team Capability Maturity Model

This GitHub is primarily for managing community input and also provides the CMM in two file formats - Excel, if you trust me and want some formatting already done for you; and CSV, if you want to do some formatting yourself and think I'm sketchy. For the full model in your browser and other supporting information, see the project website.

Inside the Example_Implementations folder are variations on the base spreadsheet submitted by the community. See the README for an inventory of examples, credits, and a brief synopsis of each. Some of these examples are also further detailed on the main site

Slides (You've Gained +2 Perception and F-SISAC/H-ISAC) and a video presentation covering version one of the model are available if you prefer.

Version History

1/2023: Version 1:

Initial version

1/2026: Version 2:

  • Added subject: Findings Management. This subject deals with how the Red Team handles the outputs from exercises, particularly focused around the ownership and closure of the findings. Ideally, a Red Team has a formalized process to pass findings to another team, such that the Red Team generates findings and other teams handle the closure.

  • Cleaned up language in a few spots, primarily around the Relationships with GRC to deconflict with the new subject and add some specificity. Also cleaned up language around Relationships with CTI to ensure the control is more in the Red Team realm, where the older language relied on the CTI team's own maturity.

Here to Contribute?

Thanks for participating! Please submit a feature request with your suggested changes after reading the guidance below.

  1. Read through the level descriptors included with the CMM and align your modifications to those descriptors. If you think a descriptor is missing but is needed to address your change, you can suggest that, too! Just make sure you provide descriptors at all five levels.

  2. Think broadly. I'm sure we all have unique cases that are missing from this model, but I want to ensure people from various organizations at various levels of maturity can still leverage the model.

  3. Include rationale for the change. Changes without rationale won't receive much attention, I want to know why you believe this helps improve the model for everyone.

License

This material is licensed under the Creative Commons Attribution-NonCommercial 4.0 International license. So feel free to copy and modify with attribution, but no selling this.

About

No description, website, or topics provided.

Resources

Readme

License

View license
Activity

Stars

66 stars

Watchers

5 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors