CMMI v3 Update Explained

By Scott Dawson
February 5, 2024

What has Changed in CMMI v3.0?

CMMI v3.0 brings about strategic changes and improvements to both methodology and approach. These updates include new requirements, existing standards changes, and continuing common practices.

New Capability Area

CMMI v3.0 introduces the addition of a new Capability Area called Managing Data, recognizing the growing importance of data management. In addition, three new Practice Areas are included: Data Management (DM), Data Quality (DQ), and Workforce Empowerment (WE).

The former Practice Area, Enabling Virtual Solution Delivery (EVSD), has been renamed to Enabling Virtual Work (EVW) to better reflect its scope, which now encompasses virtual work and virtual delivery based on community feedback.

Alignment of View/Domain Information

This update also includes the alignment of view/domain information with the following domains: Data, Development, People, Safety, Security, Services, Suppliers, and Virtual. Notably, the Supplier Management view has been renamed to Suppliers for better clarity.

Addition of Context-Specific Information

CMMI v3.0 also adds Context-specific information in the areas of Data, DevSecOps, and People for both core and domain Practice Areas. The Agile with Scrum Guidance Context Specific information has been renamed to Agile Development, and all content has been updated accordingly. The Supplier Management Context Specific information is now called “Suppliers” to align with the Suppliers domain.

CMMI Consultants

Maintains Consistent Terminology

Unlike the previous CMMI Version 2.0 Model, CMMI Version 3.0 maintains consistent terminology, allowing for a smoother transition and ensuring continuity for organizations familiar with previous versions.

CMMI v3.0 Model Overview

Category Areas

Four Category Areas define practices for improved performance within an organization or project. See Figure Below.

Capability Areas

Each Category Area contains specifically defined Capability Areas, which are logical groups of related and common practices encountered in developing and delivering a product or service. See Figure Below.

CMMI v3 update categories explained

Maturity Levels

CMMI offers five Maturity Levels, with most organizations seeking ML 2 (Managed) or ML 3 (Defined), with ML 3 being the most popular. CMMI Maturity Level 3 is at the Defined level. Appraising at CMMI Level 3 means your organization is proactive, rather than reactive. The organization-wide standards guide projects, programs, and portfolios. Source ISACA CMMI Institute. See the Maturity Level graphic below.

CMMI v3 Maturity Levels Updated

Practice Areas

In CMMI ML3 there is use of organizational standard practices, assets, and tailoring that address issues, achieve organization objectives, and program objectives, and focus on overall quality. The following Practice Areas are rated at Maturity Level 3 (Configuration Management does not have any additional practices at Maturity Level 3)

CMMI Core Practice Areas (31):

• Managing Performance and Management
• Process Quality Assurance
• Configuration Management
• Monitor and Control
• Planning
• Estimating
• Requirements Development and Management
• Governance
• Implementation Infrastructure
• Causal Analysis and Resolution
• Decision Analysis and Resolution
• Organizational Training
• Risk and Opportunity Management
• Process Asset Development
• Peer Reviews
• Process Management
• Verification and Validation

Leader helping employee
cybersecurity check

Domains Specific:

Development:

• Technical Solution
• Product Integration

Data:

• Data Management
• Data Quality

People:

• Workforce Empowerment

Safety:

• Enabling Safety

Security:

• Enabling Security
• Managing Security Threats & Vulnerabilities

Services:

• Continuity
• Incident Resolution & Prevention
• Service Delivery Management
• Strategic Service Management

Suppliers:

• Supplier Agreement Management

Virtual:

• Enabling Virtual Work

CMMI v3.0 Released in April 2023

The CMMI v3.0 Model was released in April 2023 by The CMMI Institute, and beginning January 1, 2024, only CMMI V3.0 appraisals will be accepted. CMMI V2.2 will be retired in June 2024. Source: ISACA CMMI Institute

Expert Consulting

Need help implementing CMMI v3.0 to your business? Our solutions include hands-on consulting support from industry experts. We don’t leave you to figure out compliance on your own. We walk you through every step of the process.

Expert Consulting

Related Articles:

Cybersecurity Checklist

Cybersecurity Checklist

Small Business Cybersecurity Today’s cyber threats can impact any company, regardless of size or industry. But did you know that 43% of cyber-attacks are aimed at small businesses, according to...

Cyber Hygiene Practices for Every User

Cyber Hygiene Practices for Every User

What is Cyber Hygiene? Cyber hygiene refers to the practices and measures individuals and organizations take to maintain good digital health and security. Just like personal hygiene routines keep us...