Our mission is to provide organizations with an effective and measurable way to evaluate and enhance their Cloud Native security posture. We aim to enable organizations to confidently design, deploy, and operate secure Cloud Native systems through a self-assessment model that drives continuous improvement.
The Cloud Native Assurance Maturity Model (CNAMM) is a framework designed to help organizations measure and improve their Cloud Native security and assurance capabilities. This toolkit provides a structured approach to assess your organization's current maturity level and identify areas for improvement.
CNAMM evaluates eight critical business functions, each containing three Practice Areas with two assessment Streams:
- Strategy and Risk Governance
- Supply Chain and Vendor Security
- Infrastructure and Platform Security
- Application and Data Protection
- Identity and Access Governance
- Runtime Security Operations
- Threat Detection and Response
- Resilience and Service Assurance

The two assessment Streams are:
- Stream A (Core): Essential capabilities and security controls
- Stream B (Advanced): Advanced capabilities and innovative practices

Scores map to five maturity levels:
- 1.0: Foundation - Basic security controls and initial processes
- 1.1-2.0: Standardized - Consistent security practices and documentation
- 2.1-3.0: Optimized - Efficient processes and automation
- 3.1-3.5: Leading - Advanced capabilities and proactive security
- 3.6-4.0: Transformative - Innovative practices and industry leadership

Your organization's context affects your target security maturity level through a profile multiplier (0.9-1.2x) based on:
- Industry Requirements
- Regulatory Obligations
- Organizational Scale
- Cloud Native Maturity

- Overall Maturity Score and Level
- Assessment Completion Status
- Business Function Scoring Summary
- Comprehensive Visualizations
This repository contains essential tools and documentation for implementing CNAMM:
- CNAMM Assessment Toolkit.xlsx: Interactive assessment tool with comprehensive scoring system
- Documentation: Detailed guide covering framework fundamentals and implementation
- Graphics: Visual representations of the framework components

- Download the Assessment Toolkit
  - Open CNAMM Assessment Toolkit.xlsx
  - Navigate to the Intro tab
- Complete Organization Profile
  - Define your context
  - Understand your target maturity
- Conduct Assessment
  - Evaluate each business function
  - Document evidence
  - Review scores and insights
- Plan Improvements
  - Identify gaps
  - Prioritize enhancements
  - Track progress

We welcome community contributions to improve CNAMM:
- Share your results through our Industry Benchmark Survey
- Submit improvements via pull requests
- Provide feedback and suggestions
For questions or support:
- Email: [email protected]
- Submit issues through GitHub
- Join community discussions
- Abdel Sy Fane - CTO of DevSecFlow and Co-Founder and Executive Director of CyberSecurity NonProfit (CSNP)
- Francis Ofungwu - CEO of DevSecFlow
This work is licensed under the Creative Commons Attribution-Share Alike 4.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0/legalcode
© 2024 DevSecFlow Community. All Rights Reserved.