CTI-CMM Methodology

The CTI-CMM is organized into 11 domains, representing organizational cyber security functions. Within each domain, we identify the function it serves ("Domain Purpose") then how CTI can provide support to this stakeholder ("CTI Mission"). 

Domain Purpose: Manage the organization’s information technology (IT) and operational technology (OT) assets, including hardware, software, and information assets, commensurate with the risk to critical infrastructure and organizational objectives. 

CTI Mission: Monitor the organization’s attack surface to rapidly detect at-risk assets and reduce exposures based on the current and anticipated threat landscape. 

Domain Purpose: Establish and maintain plans, procedures, and technologies to detect, identify, analyze, manage, and respond to cybersecurity threats and vulnerabilities commensurate with the risk to the organization’s infrastructure (such as critical, IT, and operational) and organizational objectives. 

CTI Mission: Maintain comprehensive and contemporary knowledge of the relevant evolving threat landscape to reduce the organization’s risk against new and emerging adversaries, malware, vulnerabilities, and exploits. 

Domain Purpose: Establish, operate, and maintain an enterprise cyber risk management program to identify, analyze, and respond to cyber risk the organization is subject to, including its business units, subsidiaries, related interconnected infrastructure, and stakeholders. 

CTI Mission: Align CTI with the organization’s risk management strategies to inform and prioritize risk reduction efforts. Improve risk decisions, assessments, and controls by identifying relevant threats and estimating likelihood and potential impact. 

Domain Purpose: Create and manage identities for entities that may be granted logical or physical access to the organization’s assets. Control access to the organization’s assets commensurate with the risk to critical infrastructure and organizational objectives. 

CTI Mission: Proactively inform identity and access management (IAM) strategies, reduce incident detection times, accelerate remediation, and enable continuous improvements to safeguard critical assets and build resilience against identity-related threats. 

Domain Purpose: Establish and maintain activities and technologies to collect, monitor, analyze, alarm, report, and use operational, security, and threat information, including status and summary information from the other model domains, to establish situational awareness for both the organization’s operational state and cybersecurity state. 

CTI Mission: Drive threat-informed decision-making for all stakeholders based on the current and forecasted threat landscape relative to the organization. Reduce uncertainty and increase predictability of the threat environment to create a commensurate state of security readiness. 

Domain Purpose: Establish and maintain plans, procedures, and technologies to detect, analyze, mitigate, respond to, and recover from cybersecurity events and incidents and to sustain operations during cybersecurity incidents commensurate with the risk to critical infrastructure and organizational objectives. 

CTI Mission: Capture, correlate, prioritize, and enrich intrusion activity in the enterprise environment to create an advantage for incident responders and strengthen the organization’s overall security posture. 

Domain Purpose: Establish and maintain controls to manage the cyber risks arising from suppliers and other third parties commensurate with the risk to critical infrastructure and organizational objectives. 

CTI Mission: Strengthen third-party risk management by continuously monitoring, detecting, assessing, and mitigating potential incidents posed by third-party vendors and suppliers. Enhance vendor risk profile evaluations and prioritization using threat intelligence insights and recommendations. 

Domain Purpose: Establish and maintain plans, procedures, technologies, and controls to create a culture of cybersecurity and to ensure the ongoing suitability and competence of personnel commensurate with the risk to critical infrastructure and organizational objectives. 

CTI Mission: Support hardening of the human element of the organization’s attack surface by enhancing workforce management initiatives with insights into adversary tactics and organization-specific risks. 

Domain Purpose: Establish and maintain the structure and behavior of the organization’s cybersecurity architecture, including controls, processes, technologies, and other elements, commensurate with the risk to critical infrastructure and organizational objectives. 

CTI Mission: Support the enterprise-wide effort to develop a robust and resilient IT architecture by providing insights into cyber threats potentially targeting the organization and recommending system and information security practices designed to combat them. This should account for current and emerging threats with such recommendations to include hardening, mitigation, and remediation guidance. 

Domain Purpose: Establish and maintain an enterprise cybersecurity program that provides governance, strategic planning, and sponsorship for the organization’s cybersecurity activities in a manner that aligns cybersecurity objectives with both the organization’s strategic objectives and the risk to critical infrastructure. 

CTI Mission: Ensure the organization's resilience and success through a measurable CTI program that aligns strategic goals, prioritizes critical infrastructure to the organization, and fosters strong governance, planning, and collaboration. 

Domain Purpose: Shield the organization from malicious digital scams and attacks by hunting for emerging threats, sharing intelligence to strengthen defenses, and guiding response to safeguard data, finances, and reputation. This proactive shield against bad actors fosters a secure online environment for all. 

CTI Mission: Create awareness around new and emerging trends in fraud and brand protection. Detect, assess, and mitigate fraudulent activities to reduce risk against the organization’s employees, customers, and brand.