Capability Maturity Model

Last updated August 18, 2023

The Capability Maturity Model (CMM) is a development model created in 1986 after a study of data collected from organizations that contracted with the U.S. Department of Defense, who funded the research. The term "maturity" relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined steps, to managed result metrics, to active optimization of the processes.

Overview

The Capability Maturity Model was originally developed as a tool for objectively assessing the ability of government contractors' processes to implement a contracted software project. The model is based on the process maturity framework first described in IEEE Software ^[2] and, later, in the 1989 book Managing the Software Process by Watts Humphrey. It was later published in a report in 1993^[3] and as a book by the same authors in 1995.

Though the model comes from the field of software development, it is also used as a model to aid in business processes generally, and has also been used extensively worldwide in government offices, commerce, and industry.^[4]^[5]

History

Prior need for software processes

In the 1980s, the use of computers grew more widespread, more flexible and less costly. Organizations began to adopt computerized information systems, and the demand for software development grew significantly. Many processes for software development were in their infancy, with few standard or "best practice" approaches defined.

As a result, the growth was accompanied by growing pains: project failure was common, the field of computer science was still in its early years, and the ambitions for project scale and complexity exceeded the market capability to deliver adequate products within a planned budget. Individuals such as Edward Yourdon,^[6] Larry Constantine, Gerald Weinberg,^[7] Tom DeMarco,^[8] and David Parnas began to publish articles and books with research results in an attempt to professionalize the software-development processes.^[4]^[9]

In the 1980s, several US military projects involving software subcontractors ran over-budget and were completed far later than planned, if at all. In an effort to determine why this was occurring, the United States Air Force funded a study at the Software Engineering Institute (SEI).

Precursor

The first application of a staged maturity model to IT was not by CMU/SEI, but rather by Richard L. Nolan, who, in 1973 published the stages of growth model for IT organizations.^[10]

Watts Humphrey began developing his process maturity concepts during the later stages of his 27-year career at IBM.^[11]

Development at Software Engineering Institute

Active development of the model by the US Department of Defense Software Engineering Institute (SEI) began in 1986 when Humphrey joined the Software Engineering Institute located at Carnegie Mellon University in Pittsburgh, Pennsylvania after retiring from IBM. At the request of the U.S. Air Force he began formalizing his Process Maturity Framework to aid the U.S. Department of Defense in evaluating the capability of software contractors as part of awarding contracts.

The result of the Air Force study was a model for the military to use as an objective evaluation of software subcontractors' process capability maturity. Humphrey based this framework on the earlier Quality Management Maturity Grid developed by Philip B. Crosby in his book "Quality is Free".^[12] Humphrey's approach differed because of his unique insight that organizations mature their processes in stages based on solving process problems in a specific order. Humphrey based his approach on the staged evolution of a system of software development practices within an organization, rather than measuring the maturity of each separate development process independently. The CMM has thus been used by different organizations as a general and powerful tool for understanding and then improving general business process performance.

Watts Humphrey's Capability Maturity Model (CMM) was published in 1988^[13] and as a book in 1989, in Managing the Software Process.^[14]

Organizations were originally assessed using a process maturity questionnaire and a Software Capability Evaluation method devised by Humphrey and his colleagues at the Software Engineering Institute.

The full representation of the Capability Maturity Model as a set of defined process areas and practices at each of the five maturity levels was initiated in 1991, with Version 1.1 being completed in January 1993.^[3] The CMM was published as a book^[15] in 1995 by its primary authors, Mark C. Paulk, Charles V. Weber, Bill Curtis, and Mary Beth Chrissis. United States of America New York, USA.

Capability Maturity Model Integration

The CMM model's application in software development has sometimes been problematic. Applying multiple models that are not integrated within and across an organization could be costly in training, appraisals, and improvement activities. The Capability Maturity Model Integration (CMMI) project was formed to sort out the problem of using multiple models for software development processes, thus the CMMI model has superseded the CMM model, though the CMM model continues to be a general theoretical process capability model used in the public domain.^[16]^{[ citation needed ]}^[17]

In 2016, the responsibility for CMMI was transferred to the Information Systems Audit and Control Association (ISACA). ISACA subsequently released CMMI v2.0 in 2021. It was upgraded again to CMMI v3.0 in 2023. CMMI now places a greater emphasis on the process architecture which is typically realized as a process diagram. Copies of CMMI are available now only by subscription.

Adapted to other processes

The CMM was originally intended as a tool to evaluate the ability of government contractors to perform a contracted software project. Though it comes from the area of software development, it can be, has been, and continues to be widely applied as a general model of the maturity of process (e.g., IT service management processes) in IS/IT (and other) organizations.

Model topics

Maturity models

A maturity model can be viewed as a set of structured levels that describe how well the behaviors, practices and processes of an organization can reliably and sustainably produce required outcomes.

A maturity model can be used as a benchmark for comparison and as an aid to understanding - for example, for comparative assessment of different organizations where there is something in common that can be used as a basis for comparison. In the case of the CMM, for example, the basis for comparison would be the organizations' software development processes.

Structure

The model involves five aspects:

Maturity Levels: a 5-level process maturity continuum - where the uppermost (5th) level is a notional ideal state where processes would be systematically managed by a combination of process optimization and continuous process improvement.
Key Process Areas: a Key Process Area identifies a cluster of related activities that, when performed together, achieve a set of goals considered important.
Goals: the goals of a key process area summarize the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area.
Common Features: common features include practices that implement and institutionalize a key process area. There are five types of common features: commitment to perform, ability to perform, activities performed, measurement and analysis, and verifying implementation.
Key Practices: The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the area.

Levels

There are five levels defined along the continuum of the model and, according to the SEI: "Predictability, effectiveness, and control of an organization's software processes are believed to improve as the organization moves up these five levels. While not rigorous, the empirical evidence to date supports this belief".^[18]

Initial (chaotic, ad hoc, individual heroics) - the starting point for use of a new or undocumented repeat process.
Repeatable - the process is at least documented sufficiently such that repeating the same steps may be attempted.
Defined - the process is defined/confirmed as a standard business process
Capable - the process is quantitatively managed in accordance with agreed-upon metrics.
Efficient - process management includes deliberate process optimization/improvement.

Within each of these maturity levels are Key Process Areas which characterise that level, and for each such area there are five factors: goals, commitment, ability, measurement, and verification. These are not necessarily unique to CMM, representing — as they do — the stages that organizations must go through on the way to becoming mature.

The model provides a theoretical continuum along which process maturity can be developed incrementally from one level to the next. Skipping levels is not allowed/feasible.

Level 1 - Initial: It is characteristic of processes at this level that they are (typically) undocumented and in a state of dynamic change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events. This provides a chaotic or unstable environment for the processes. (Example - a surgeon performing a new operation a small number of times - the levels of negative outcome are not known).

Level 2 - Repeatable: It is characteristic of this level of maturity that some processes are repeatable, possibly with consistent results. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing processes are maintained during times of stress.

Level 3 - Defined: It is characteristic of processes at this level that there are sets of defined and documented standard processes established and subject to some degree of improvement over time. These standard processes are in place. The processes may not have been systematically or repeatedly used - sufficient for the users to become competent or the process to be validated in a range of situations. This could be considered a developmental stage - with use in a wider range of conditions and user competence development the process can develop to next level of maturity.

Level 4 - Managed (Capable): It is characteristic of processes at this level that, using process metrics, effective achievement of the process objectives can be evidenced across a range of operational conditions. The suitability of the process in multiple environments has been tested and the process refined and adapted. Process users have experienced the process in multiple and varied conditions, and are able to demonstrate competence. The process maturity enables adaptions to particular projects without measurable losses of quality or deviations from specifications. Process Capability is established from this level. (Example - surgeon performing an operation hundreds of times with levels of negative outcome approaching zero).

Level 5 - Optimizing (Efficient): It is a characteristic of processes at this level that the focus is on continually improving process performance through both incremental and innovative technological changes/improvements. At maturity level 5, processes are concerned with addressing statistical common causes of process variation and changing the process (for example, to shift the mean of the process performance) to improve process performance. This would be done at the same time as maintaining the likelihood of achieving the established quantitative process-improvement objectives.

Between 2008 and 2019, about 12% of appraisals given were at maturity levels 4 and 5.^[19]^[20]

Critique

The model was originally intended to evaluate the ability of government contractors to perform a software project. It has been used for and may be suited to that purpose, but critics ^{[ who? ]} pointed out that process maturity according to the CMM was not necessarily mandatory for successful software development.

Software process framework

The software process framework documented is intended to guide those wishing to assess an organization's or project's consistency with the Key Process Areas. For each maturity level there are five checklist types:

Type	Description
Policy	Describes the policy contents and KPA goals recommended by the Key Process Areas.
Standard	Describes the recommended content of select work products described in the Key Process Areas.
Process	Describes the process information content recommended by the Key Process Areas. These are refined into checklists for: Roles, entry criteria, inputs, activities, outputs, exit criteria, reviews and audits, work products managed and controlled, measurements, documented procedures, training, and tools
Procedure	Describes the recommended content of documented procedures described in the Key Process Areas.
Level overcome	Provides an overview of an entire maturity level. These are further refined into checklists for: Key Process Areas purposes, goals, policies, and standards; process descriptions; procedures; training; tools; reviews and audits; work products; measurements

Related Research Articles

Software Engineering Institute (SEI) is a federally funded research and development center in Pittsburgh, Pennsylvania, United States. Founded in 1984, the institute is now sponsored by the United States Department of Defense and the Office of the Under Secretary of Defense for Research and Engineering, and administrated by Carnegie Mellon University. The activities of the institute cover cybersecurity, software assurance, software engineering and acquisition, and component capabilities critical to the United States Department of Defense.

Watts S. Humphrey was an American pioneer in software engineering who was called the "father of software quality."

Information technology (IT)governance is a subset discipline of corporate governance, focused on information technology (IT) and its performance and risk management. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It has evolved from The Principles of Scientific Management, Total Quality Management and ISO 9001 Quality management system.

ISO/IEC 15504Information technology – Process assessment, also termed Software Process Improvement and Capability dEtermination (SPICE), is a set of technical standards documents for the computer software development process and related business management functions. It is one of the joint International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standards, which was developed by the ISO and IEC joint subcommittee, ISO/IEC JTC 1/SC 7.

The Personal Software Process (PSP) is a structured software development process that is designed to help software engineers better understand and improve their performance by bringing discipline to the way they develop software and tracking their predicted and actual development of the code. It clearly shows developers how to manage the quality of their products, how to make a sound plan, and how to make commitments. It also offers them the data to justify their plans. They can evaluate their work and suggest improvement direction by analyzing and reviewing development time, defects, and size data. The PSP was created by Watts Humphrey to apply the underlying principles of the Software Engineering Institute's (SEI) Capability Maturity Model (CMM) to the software development practices of a single developer. It claims to give software engineers the process skills necessary to work on a team software process (TSP) team.

Capability Maturity Model Integration (CMMI) is a process level improvement training and appraisal program. Administered by the CMMI Institute, a subsidiary of ISACA, it was developed at Carnegie Mellon University (CMU). It is required by many U.S. Government contracts, especially in software development. CMU claims CMMI can be used to guide process improvement across a project, division, or an entire organization. CMMI defines the following maturity levels for processes: Initial, Managed, Defined, Quantitatively Managed, and Optimizing. Version 2.0 was published in 2018. CMMI is registered in the U.S. Patent and Trademark Office by CMU.

Quality management ensures that an organization, product or service consistently functions well. It has four main components: quality planning, quality assurance, quality control and quality improvement. Quality management is focused not only on product and service quality, but also on the means to achieve it. Quality management, therefore, uses quality assurance and control of processes as well as products to achieve more consistent quality. Quality control is also part of quality management. What a customer wants and is willing to pay for it, determines quality. It is a written or unwritten commitment to a known or unknown consumer in the market. Quality can be defined as how well the product performs its intended function.

COBIT is a framework created by ISACA for information technology (IT) management and IT governance.

Microsoft Solutions Framework (MSF) is a set of principles, models, disciplines, concepts, and guidelines for delivering information technology services from Microsoft. MSF is not limited to developing applications only; it is also applicable to other IT projects like deployment, networking or infrastructure projects. MSF does not force the developer to use a specific methodology.

The Capability Maturity Model Integration (CMMI) defines a process area as, "a cluster of related practices in an area that, when implemented collectively, satisfies a set of goals considered important for making improvement in that area." Both CMMI for Development v1.3 and CMMI for Acquisition v1.3 identify 22 process areas, whereas CMMI for Services v1.3 identifies 24 process areas. Many of the process areas are the same in these three models.

Capability Immaturity Model (CIMM) in software engineering is a parody acronym, a semi-serious effort to provide a contrast to the Capability Maturity Model (CMM). The Capability Maturity Model is a five point scale of capability in an organization, ranging from random processes at level 1 to fully defined, managed and optimized processes at level 5. The ability of an organization to carry out its mission on time and within budget is claimed to improve as the CMM level increases.

People Capability Maturity Model is a maturity framework that focuses on continuously improving the management and development of the human assets of an organization. It describes an evolutionary improvement path from ad hoc, inconsistently performed practices, to a mature, disciplined, and continuously improving development of the knowledge, skills, and motivation of the workforce that enhances strategic business performance.

A Software Engineering Process Group (SEPG) is an organization's focal point for software process improvement activities. These individuals perform assessments of organizational capability, develop plans to implement needed improvements, coordinate the implementation of those plans, and measure the effectiveness of these efforts. Successful SEPGs require specialized skills and knowledge of many areas outside traditional software engineering.

The Standard CMMI Appraisal Method for Process Improvement (SCAMPI) is the official Software Engineering Institute (SEI) method to provide benchmark-quality ratings relative to Capability Maturity Model Integration (CMMI) models. SCAMPI appraisals are used to identify strengths and weaknesses of current processes, reveal development/acquisition risks, and determine capability and maturity level ratings. They are mostly used either as part of a process improvement program or for rating prospective suppliers. The method defines the appraisal process as consisting of preparation; on-site activities; preliminary observations, findings, and ratings; final reporting; and follow-on activities.

The Trillium Model, created by a collaborative team from Bell Canada, Northern Telecom and Bell Northern Research combines requirements from the ISO 9000 series, the Capability Maturity Model (CMM) for software, and the Baldrige Criteria for Performance Excellence, with software quality standards from the IEEE. Trillium has a telecommunications orientation and provides customer focus. The practices in the Trillium Model are derived from a benchmarking exercise which focused on all practices that would contribute to an organization's product development and support capability. The Trillium Model covers all aspects of the software development life-cycle, most system and product development and support activities, and a significant number of related marketing activities. Many of the practices described in the model can be applied directly to hardware development.

In combination with the personal software process (PSP), the team software process (TSP) provides a defined operational process framework that is designed to help teams of managers and engineers organize projects and produce software for products that range in size from small projects of several thousand lines of code (KLOC) to very large projects greater than half a million lines of code. The TSP is intended to improve the levels of quality and productivity of a team's software development project, in order to help them better meet the cost and schedule commitments of developing a software system.

A maturity model is a framework for measuring an organization's maturity, with maturity being defined as a measurement of the ability of an organization for continuous improvement in a particular discipline. The higher the maturity, the higher will be the chances that incidents or errors will lead to improvements either in the quality or in the use of the resources of the discipline as implemented by the organization.

<span class="mw-page-title-main">Roger R. Bate</span> American academic and United States Air Force general

Roger Redmond Bate was a brigadier general, Rhodes Scholar, professor, and scientist who had held a variety of positions with the Air Force, Texas Instruments, and the Software Engineering Institute at Carnegie Mellon University.

In software engineering, a software development process is a process of planning and managing software development. It typically involves dividing software development work into smaller, parallel, or sequential steps or sub-processes to improve design and/or product management. It is also known as a software development life cycle (SDLC). The methodology may include the pre-definition of specific deliverables and artifacts that are created and completed by a project team to develop or maintain an application.

Bill Curtis is a software engineer best known for leading the development of the Capability Maturity Model and the People CMM in the Software Engineering Institute at Carnegie Mellon University, and for championing the spread of software process improvement and software measurement globally. In 2007 he was elected a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) for his contributions to software process improvement and measurement. He was named to the 2022 class of ACM Fellows, "for contributions to software process, software measurement, and human factors in software engineering".

References

↑ Nayab, N. (2010-04-27). "The Difference Between CMMI vs CMM". Bright Hub PM. Retrieved 2020-02-15.
↑ Humphrey, W. S. (March 1988). "Characterizing the software process: a maturity framework". IEEE Software. 5 (2): 73–79. doi:10.1109/52.2014. ISSN 0740-7459. S2CID 1008347.
1 2 Paulk, Mark C.; Weber, Charles V; Curtis, Bill; Chrissis, Mary Beth (February 1993). "Capability Maturity Model for Software (Version 1.1)" (PDF). Technical Report. Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University. CMU/SEI-93-TR-024 ESC-TR-93-177. Archived (PDF) from the original on 2011-01-03.
1 2 McKay, Vivienne. "What is the Capability Maturity Model? (CMM) | Process Maturity | FAQ". www.selectbs.com. Retrieved 2017-03-20.
↑ White, Sarah K. (2018-03-16). "What is CMMI? A model for optimizing development processes". CIO. Retrieved 2020-06-04.
↑ Yourdon, E. (1989). 1989. Modern Structured Analysis . New York: Prentice Hall. ISBN 978-0135986240.
↑ Weinberg, G. M. (1992). Quality Software Management: Anticipating Change. Vol. 1: Systems Thinking. New York: Dorset House Pub. ISBN 978-0-932633-72-9.
↑ DeMarco, T.; Lister, T. (1997). Waltzing with Bears: Managing Risk on Software Projects. New York: Dorset House Pub. ISBN 978-0-932633-60-6.
↑ "CMMI-Six Sigma, their roots". Process Enhancement Partners, Inc. 2011-01-23. Retrieved 2018-05-11.
↑ Nolan, R. L. (July 1973). "Managing the computer resource: A stage hypothesis". Comm. ACM . 16 (7): 399–405. doi: 10.1145/362280.362284 . S2CID 14053595.
↑ "People Capability Maturity Model (P-CMM) Version 2.0". resources.sei.cmu.edu. Retrieved 2017-01-17.
↑ Crosby, P. B. (1979). Quality is Free . New York: New American Library. ISBN 0-451-62247-2.
↑ Humphrey, W. S. (March 1988). "Characterizing the software process: A maturity framework" (PDF). IEEE Software . 5 (2): 73–79. doi:10.1109/52.2014. S2CID 1008347.
↑ Humphrey, W. S. (1989). Managing the Software Process. SEI series in software engineering. Reading, Mass.: Addison-Wesley. ISBN 0-201-18095-2.
↑ Paulk, Mark C.; Weber, Charles V; Curtis, Bill; Chrissis, Mary Beth (1995). The Capability Maturity Model: Guidelines for Improving the Software Process . SEI series in software engineering. Reading, Mass.: Addison-Wesley. ISBN 0-201-54664-7.
↑ Juran (2010-08-26). Juran'S Quality Hb 6E. McGraw-Hill Education (India) Pvt Limited. ISBN 9780071070898.
↑ Natarajan, R (2015). Proceedings of the International Conference on Transformations in Engineering Education. Springer.
↑ State of Michigan SDLC Appendix on CMM Attests to 2001 use of the text so it couldn't have come from here.
↑ "CMMI Adoption Trends - 2019 Mid Year Update". CMMI Institute. 2019-10-21.
↑ Fishman, Charles (1996-12-31). "They Write the Right Stuff". Fast Company. Retrieved 2020-02-15.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Nayab, N. (2010-04-27). "The Difference Between CMMI vs CMM". Bright Hub PM. Retrieved 2020-02-15.

[2] Humphrey, W. S. (March 1988). "Characterizing the software process: a maturity framework". IEEE Software. 5 (2): 73–79. doi:10.1109/52.2014. ISSN 0740-7459. S2CID 1008347.

[sei93cmm-3] 1 2 Paulk, Mark C.; Weber, Charles V; Curtis, Bill; Chrissis, Mary Beth (February 1993). "Capability Maturity Model for Software (Version 1.1)" (PDF). Technical Report. Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University. CMU/SEI-93-TR-024 ESC-TR-93-177. Archived (PDF) from the original on 2011-01-03.

[McKay-4] 1 2 McKay, Vivienne. "What is the Capability Maturity Model? (CMM) | Process Maturity | FAQ". www.selectbs.com. Retrieved 2017-03-20.

[5] White, Sarah K. (2018-03-16). "What is CMMI? A model for optimizing development processes". CIO. Retrieved 2020-06-04.

[yourdon89msa-6] Yourdon, E. (1989). 1989. Modern Structured Analysis . New York: Prentice Hall. ISBN 978-0135986240.

[weinberg92qsm-7] Weinberg, G. M. (1992). Quality Software Management: Anticipating Change. Vol. 1: Systems Thinking. New York: Dorset House Pub. ISBN 978-0-932633-72-9.

[demarcolister97wwb-8] DeMarco, T.; Lister, T. (1997). Waltzing with Bears: Managing Risk on Software Projects. New York: Dorset House Pub. ISBN 978-0-932633-60-6.

[9] "CMMI-Six Sigma, their roots". Process Enhancement Partners, Inc. 2011-01-23. Retrieved 2018-05-11.

[10] Nolan, R. L. (July 1973). "Managing the computer resource: A stage hypothesis". Comm. ACM . 16 (7): 399–405. doi: 10.1145/362280.362284 . S2CID 14053595.

[11] "People Capability Maturity Model (P-CMM) Version 2.0". resources.sei.cmu.edu. Retrieved 2017-01-17.

[crosby79qif-12] Crosby, P. B. (1979). Quality is Free . New York: New American Library. ISBN 0-451-62247-2.

[13] Humphrey, W. S. (March 1988). "Characterizing the software process: A maturity framework" (PDF). IEEE Software . 5 (2): 73–79. doi:10.1109/52.2014. S2CID 1008347.

[watts89msp-14] Humphrey, W. S. (1989). Managing the Software Process. SEI series in software engineering. Reading, Mass.: Addison-Wesley. ISBN 0-201-18095-2.

[15] Paulk, Mark C.; Weber, Charles V; Curtis, Bill; Chrissis, Mary Beth (1995). The Capability Maturity Model: Guidelines for Improving the Software Process . SEI series in software engineering. Reading, Mass.: Addison-Wesley. ISBN 0-201-54664-7.

[16] Juran (2010-08-26). Juran'S Quality Hb 6E. McGraw-Hill Education (India) Pvt Limited. ISBN 9780071070898.

[17] Natarajan, R (2015). Proceedings of the International Conference on Transformations in Engineering Education. Springer.

[18] State of Michigan SDLC Appendix on CMM Attests to 2001 use of the text so it couldn't have come from here.

[19] "CMMI Adoption Trends - 2019 Mid Year Update". CMMI Institute. 2019-10-21.

[20] Fishman, Charles (1996-12-31). "They Write the Right Stuff". Fast Company. Retrieved 2020-02-15.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]