HMG IA Maturity Model (IAMM)

Created:  24 Nov 2015
Updated:  01 Aug 2016
Archive content originally produced by CESG that has not yet been absorbed into the new NCSC web pages.
CESG is currently reviewing the HMG IA Maturity Model (IAMM) which has been widely used by government departments and the broader public sector since its inception in 2008.

Developing an alternative to the IA Maturity Model

CESG is currently reviewing the HMG IA Maturity Model (IAMM) which has been widely used by government departments and the broader public sector since its inception in 2008.

The goals of the new methodology are that it:

  • is suitable for entities of any size – from a single system to a collection of organisations in an industry sector or supply chain
  • can assess whether security governance objectives have been set and whether these have been translated into an appropriate security management regime
  • can be used in conjunction with other methods such as HMG 10 Steps to Cyber Security, ISO 27000 series and NIST Cyber Security Framework

Chief Information Security Officers, directors, government, regulators and cyber security practitioners will all be able to use the new methodology to better understand whether their cyber security governance is effective.

As part of assisting organisations' boards to progress towards the broad outcomes of the National IA Strategy, and particularly the mandatory and other measures set out in the Data Handling Review, this IAMM has been created.

The IAMM is supported by the Information Assurance Assessment Framework (IAAF), which is designed to assist an independent review of progress against the IAMM within an organisation. In its turn, this review will assist organisational boards to report ongoing improvements in their Information Assurance and Information Risk Management postures in their annual reports to Cabinet Office.

 

Improving Information Assurance at the Enterprise Level (Good Practice Guide 28)_1.3.pdf

PDF, 1214.58KB

This file may not be suitable for users of assistive technology.

Information Assurance Maturity Model (Good Practice Guide 40)_2.1.pdf

PDF, 2424.68KB

This file may not be suitable for users of assistive technology.

CIAN 2015 02 Information Assurance Maturity Model (IAMM) Interim Guidance.pdf

PDF, 146.56KB

This file may not be suitable for users of assistive technology.

iamm assessment services.doc

DOC, 150.5KB

This file may not be suitable for users of assistive technology.

Topics

Was this information helpful?

We need your feedback to improve this content.

Yes No