The new maturity model bridges the gap between CTI programs and organizational objectives to ensure the maximum value is derived from these investments and initiatives.

Today, Intel 471, the premier provider of cyber intelligence-driven solutions worldwide, sponsored a partnership of 28 industry leaders serving public and private organizations across the vendor and consumer community. Together, these professionals volunteered their time, effort, and experience to launch the first version of the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), designed as the first-of-its kind vendor agnostic and universally applicable resource to support organizations of all shapes and sizes across the CTI industry. In today’s evolving threat landscape, the sign of a successful Cyber Threat Intelligence (CTI) program is a mature program that seamlessly integrates with an organization’s core objectives and key outcomes.

“Unlocking the full potential of your CTI program requires alignment with the capabilities of each stakeholder it supports, and a tangible measurement of success synchronized with organizational priorities,” said Michael DeBolt, Chief Intelligence Officer at Intel 471. “The CTI Capability Maturity Model (CTI-CMM) is designed to support CTI teams in building their capabilities by aligning to defined practices for stakeholder business domains unique to each organization. The Model establishes shared values and principles across the industry to empower organizations to take a holistic approach to cyber threat intelligence with stakeholders in mind.”

“Advising numerous clients globally, I have observed a consistent need for an outcome-focused model for cyber intelligence programs. The CTI-CMM bridges the gap to help CTI programs create impactful and demonstrable value for their organization,” said Colin Connor, CTI Services Manager at IBM X-Force.

The all-volunteer team behind the CTI-CMM is comprised of professionals representing a wide range of sectors, geographic regions, backgrounds and experiences, including leaders from Intel 471, IBM, Kroger, Venation, Mandiant, IntL8, Regfast, Trellix, Autodesk, Centre for Cybersecurity Belgium (CCB), Northwave Cyber Security, Workday, Marsh McLennan, Signify, Tidal Cyber, DeepSeas, BP, Gojek, SAND and many more. These individuals created CTI-CMM to elevate cyber threat intelligence across the industry through knowledge and experiences. Together, they defined the following values and principles to support the CTI community moving forward:

Shared Values

  • Intelligence provides value through collaboration with our stakeholders and supporting their decision-making process.
  • Intelligence is never completed. Improvement is continuous. This also applies to adoption. Constant improvement is crucial for success and distinguishing from other models which failed to keep up with the time.
  • Intelligence is not proprietary, nor is it prescriptive. Therefore, the model should never be claimed by a single commercial party.

Shared Principles

  • Contextualizing threat intelligence within risk
  • Continuous self-assessment and improvement
  • Actionable intelligence based on stakeholder needs
  • Quantitative and qualitative measurement of intelligence
  • Collaborative and iterative intelligence processes

This team made the decision to design the CTI-CMM to align with industry best practices and the concepts and format of a recognized cybersecurity maturity model, the Cybersecurity Capability Maturity Model (C2M2). Similar to the C2M2, the CTI-CMM is organized into ten domains. Each domain includes a “Domain Purpose” followed by a “CTI Mission'' description describing how the CTI function supports it and consists of the CTI Use Cases and CTI Data Sources.

The CTI-CMM is the blueprint for a successful and effective CTI program. It exists to support the people who make decisions and take action to protect organizations. For more information, please visit: https://cti-cmm.org/

About Intel 471

Intel 471 empowers enterprises, government agencies, and other organizations to win the cybersecurity war using the real-time insights about adversaries, their relationships, threat patterns, and imminent attacks relevant to their businesses. The company's platform collects, interprets, structures, and validates human-led, automation-enhanced intelligence, which fuels our external attack surface and advanced behavioral threat hunting solutions. Customers utilize this operationalized intelligence to drive a proactive response to neutralize threats and mitigate risk. Organizations across the globe leverage Intel 471’s world-class intelligence, our trusted practitioner engagement and enablement and globally dispersed ground expertise as their frontline guardian against the ever-evolving landscape of cyber threats to fight the adversary -- and win. Learn more at https://intel471.com/.

Our customers’ eyes and ears outside the wire.

Erica Stuchel W2 Communications intel471@w2comm.com