Ask The CMMI Appraiser!

Wednesday, September 10, 2025

We need CMMI Level 3. What are the different types of appraisals, and which one do we need?

We need to achieve a CMMI Level 3 Rating. What are the different types of appraisals, and which one do we need? ~ Ima konFuse

Three tips for succeeding with CMMI

Dear Ima,

Great question! It can be confusing sometimes. After all, there are four different appraisal types, and sometimes even Lead Appraisers seem confused about it.

I'll give you the short answer first. If this is your first time 'round with CMMI, you'll need a "Benchmark Appraisal." Let me explain:

Benchmark Appraisal

A Benchmark Appraisal is the "gold standard." It's the only appraisal type that results in a first-time CMMI Rating. It's evidence and resource intensive, requires a team size of four or more, and it led by a Certified CMMI Lead Appraiser. The Lead Appraiser must also be certified in the Domain your are adopting at your company (CMMi Development or CMMI Services primarily, although there are six other lesser known domains). Benchmark Appraisal Ratings have a validity perioud of three years.

Sustainment Appraisal

A Sustainment Appraisal is a special appraisal used to "extend" or renew the validity period of an existing rating, and can extend it for up to two more years. There is a lower evidence and resource requirement as compared to the Benchmark, and it has a minimum team size of two. The organization must "qualify" for the sustainment by convincing the Lead Appraiser and ISACA that not much has changed since the last successful Benchmark. Large growth or contraction, change in management, and reorganization of the company are all examples of disqualifiers. An organization can always conduct a Benchmark to renew their rating, in fact, most do.

Action Plan Reappraisal

"Back in the day" the SEI used to say "there are no delta appraisals." That meant that if an organization did not reach CMMI ML3 in their appraisal, even by one single practices, the entire appraisal had to be conducted again. This changed in V2 of the CMMI. Now, if you fail by less then 5% of total practices, and the practices can be legitimately addressed within 120 days, then the team can reconvene and test those practices. If they are all in the "Largely Met" or higher category, then the original Benchmark is updated to reflect the CMMI rating. Like the Sustainment Appraisal, the Action Plan Reappraisal (APR) must be approved by the Lead Appraiser and ISACA.

Evaluation Appraisal

Prior to V2 of the CMMI, we had "SCAMPI A" (currently known and the Benchmark), "SCAMPI B" (often used as a practice run), and "SCAMPI C" (often used as a gap analysis tool). Since V2, SCAMPI has been eliminated, and the "Evaluation Appraisal" serves to support what use to be SCAMPI B and C. In other words, and Evaluation Appraisal is "whatever you want it to be." This has caused significant confusion in the market, as many of our clients ran through a three phase cycle of "C, B, and A." In order to compensate for that market confusion, Broadsword has "Evaluation B" and an Evaluation C" styled appraisals, giving our clients the same familiar experience they are accustomed to.

So - bottom line, you MUST have a Benchmark Appraisal to achieve CMMI ML3 (at least for the first time).

Like this blog? Forward to your nearest engineering or software exec!

Jeff Dalton is a Certified Lead Appraiser, Certified CMMI Instructor, author, and consultant with years of real-world experience with the CMMI in all types of organizations. Jeff has taught thousands of students in CMMI trainings and has received an aggregate satisfaction score of 4.97 out of 5 from his students.

What is CMMI?

Visit www.broadswordsolutions.com for more information about running a successful CMMI program.

Visit CMMI-TV to see some cool videos about CMMI, Agile, and More

Visit https://askthecmmiappraiser.blogspot.com/ to see the old (V2) Blog (lots of content!)

Thursday, August 28, 2025

ISACA Changes their IP policy regarding CMMI. What does that mean to us?

Hey Appraiser!

Our consultant just told us we had to purchase an Enterprise license in order to conduct a CMMI Appraisal now - what gives? ~Monet Grabba

3 Tips for passing you CMMI Appraisal!

Monet,

With the release of CMMI v3.0 also came a new IP policy. They discussed doing this when V2 came out, but wisely backed off. No longer.

The new policy is that the Practice names (statements), Value Statements, Intent, and examples are proprietary and cannot be shared with anyone who does not have an active license for the CMMI Model Viewer.

Many of these are the same exact practices that were in v1.3, which was, practically speaking, public domain because it was build with taxpayer dollars. It's gonna be hard to stuff that back in the bag.

What this means for Lead Appraisers and companies adopting CMMI without a license, is that appraisal results CANNOT state the name of the practice that is being reviewed and "scored" (characterized). So...if I need to tell a client that the 1st practice in Estimating has a weakness, that's all I can tell them, unless they have an active license for EVERYONE that is in the room!

Now, don't get me wrong. I know the fine folks at ISCA fairly well, and they're smart people, but this stuff ain't rocket science. "Establish an Estimate" (I paraphrase here so I don't get lashed with a wet noodle) isn't the stuff of process innovation. Most of CMMI descibes actions smart people would take if they have the right tools and training.

I understand the examples, value intent statements, and explanatory material. That is truly original (though sometimes uninspiring). But the practice names have been around, in some form, since v1.0, and everyone has them already.

Nevertheless, those are the new rules. So, if you're going to adopt CMMI you should get an enterprise license. You'll want it anyhow - there's actually some great stuff in there.

For further guidance, including training resources and instructional materials, please refer to www.broadswordsolutions.com or explore instructional content on CMMI, Agile methods, CMMI Appraisals, CMMI Training, and more via CMMI-TV .

Sunday, August 3, 2025

What do the "Characterizations" in a CMMI Appraisal Mean?

Dear Appraiser,

I keep hearing about "Characterizations" in the CMMI, like FM, LM, PM, and DM. What do these means? ~ Mick Filipini

Want to pass your CMMI Appraisal? Here's what not to do!

Hey Mick - good question!

When we conduct Benchmark appraisals we need a way to "score" each practice based on the two types of objective evidence - artifacts and affirmations. Each appraisal looks at both in order to determine each practice's strength. This is done by examining "artifacts" (documents, databases, videos, etc), and "affirmations," within the context of the organization's goals, and the Intent and Value statement of the Practice Area.

Fully Met (FM) = There is plenty of documentary and spoken/written evidence to convince the Appraisal Team that that practice is healthy and complete, given the context of the organization being appraised. The team has no indication that there are weaknesses, and all believe the practice is being executed well. This is like getting an "A" on a paper.

Largely Met (LM) = There is also plenty of evidence in both categories, but the team feels there is some improvement to be made, and they will tell you exactly what that is. Examples include: Not ALL projects were as strong as others, one piece of evidence wasn't as strong as the others, or maybe the method chosen to perform a piece of work might have been better by applying a different method. I see a lot of appraisals that use "planning poker" in a setting where that may not make sense. This is like getting a "B" on a college paper. You can have some of these and still be rated ML2/3/4/5, but there are caveats.

Partially Met (PM) = There is some evidence the practice is being performed effectively, but there are major holes, and they need to make improvements. For instance, maybe they are performed estimating using "Wide Band Delphi" but they didn't execute it the way it is intended. This is like getting a D on a college paper. You generally can't have any of these, although there are scenarios where you could pass if a project has one of these babies.

Doesn't Meet (DM) = There is little evidence that the practice is being performance. This is like getting an F. The presence of a single DM usually means a fail, but like PM, there are exceptions.

In a perfect appraisal, these are the only four characterizations that we would see, but there are two more!

Not Yet (NY) = The project hasn't reached the point in the project where they should be performing the practice. This is usually either a sampling error (why was that project selected for that Practice Area) OR a misunderstanding of the intention of the practice. We see this with Validation and Verification, where an organization claims they haven't reached testing, not realizing that these practices should also apply to earlier actions on the project, like planning or requirements. The final outcome of an NY depends on what other projects in the sample have scored, and the Appraisal team's view as to what affect that has on the overall organization.

Not Rated (NR) = When the appraisal team can't reach a consensus on the characterization, thereby forcing the end of the appraisal without rating the organization at a maturity level. This is usually a failure of the appraisal team, or dare I say it, a failure of the Lead Appraiser to facilitate the team's consensus. Once in a while, we have an Appraisal team member that refuses to compromise also - but that's rare.

So that's the system - here's to you all getting FMs and LMs!

Thursday, July 17, 2025

Is CMMI Good for Start-Ups?

Dear Appraiser,

I am a business owner exploring the implementation of the Capability Maturity Model Integration (CMMI) framework within my startup. Prior to seeking formal consultation or expert guidance, I would like to understand the foundational steps I should undertake to ensure an effective and smooth introduction of CMMI into my organization. ~Guy Newman

Use CMMI to make your startup awesome!

Dear Guy,

Thank you for your thoughtful inquiry. Preparing for the implementation of CMMI is a commendable step toward enhancing organizational performance, and initiating this journey with clarity and intention can significantly improve your likelihood of success.

Establishing a Strategic Foundation

The first and most critical step in preparing for CMMI adoption is the articulation of your organization’s overarching goals. As CMMI is fundamentally a performance improvement model, its effectiveness is inherently linked to its alignment with your strategic objectives. Establishing clear, organization-wide goals provides a foundational framework upon which CMMI practices can be structured and evaluated.

Aligning Organizational Strategy with Performance Objectives

It is essential that these goals be not only well-defined but also strategically aligned with your organizational timeline—whether that includes short-term fiscal targets or longer-term growth projections. By grounding CMMI efforts in the strategic direction of the company, you enhance coherence across functions and improve the model's integration into everyday operations.

Goal Formulation: Precision and Clarity

When crafting performance objectives, clarity and specificity are paramount. While concise, one-sentence goals (e.g., “Increase annual revenue by 20%”) are helpful for maintaining focus, they may lack the detail required to support process improvement initiatives over time. Ideally, objectives should be articulated in one to two succinct sentences, offering both clarity and sufficient scope to facilitate the development of measurable sub-goals.

Cultural Readiness: Startups vs. Established Enterprises

A common question arises regarding which types of organizations are better positioned for CMMI adoption—startups or established firms. Startups often benefit from greater flexibility and fewer entrenched processes, which can ease the transition to a structured model like CMMI. In contrast, more established organizations may encounter cultural resistance due to longstanding habits and legacy systems. Nevertheless, with strong leadership and clear communication, such organizations can successfully align their core values and operational practices with CMMI principles, yielding substantial performance gains.

Monday, July 14, 2025

How to be more agile TODAY

Hi Appraiser

I'm having some trouble. My boss keeps telling me to be 'more Agile.' what does that even mean? And how can I make an immediate turn toward Agility? ~Walter Fall

HI Walter,

We hear it all the time: "Be more agile!" But what does that really mean, and how can we actually start implementing it today?

Well, you're in luck, I've got three practical steps you can take right now to embrace agility.

On Airplanes and Agile

Involve Your Customer More Closely

The foundation of any successful agile project is a deeply involved customer. By integrating your customer as a product owner who can speak for the project, you're setting yourself up for success. If your customer isn't part of the team and doesn't have a voice in the project, it's like building a house without blueprints or feedback—you may end up with something you didn't expect.

Empower Teams to Define Their Processes

Agile isn't about sticking rigidly to one process; it's about evolution and improvement through retrospectives. Allow your teams the autonomy to define and refine their processes throughout the project. As they learn and adapt, so too will the processes, resulting in a more efficient and responsive way of working.

Clearly Define Roles and Accountabilities

Nothing steers a project off course quicker than uncertainty about roles and responsibilities. By clearly defining these at the outset, you give your team members the authority and responsibility to make decisions. This empowerment reduces the need for senior management intervention and streamlines the decision-making process, leading to a more agile project.

Implement these three steps, and you'll start feeling more agile right away.

Like this blog? Forward to your nearest engineering or software exec!

What is CMMI?

Visit www.broadswordsolutions.com for more information about running a successful CMMI program. Visit CMMI-TV to see some cool videos about CMMI, Agile, and more.

Monday, June 30, 2025

What Are the Different Levels of CMMI?

Hi Appraiser,

What happens when a customer requests that we become CMMI level three, or even level five? It's often hard to see the differences, right?

Signed,

Confused About the Difference. Hi Confused!

Actually, the distinctions between the Capability Maturity Model Integration (CMMI) levels are quite meaningful. Each level represents a progression of capabilities through the adoption of organized best practices within the organization's processes.

Let’s break it down:

Level 1: Initial

This is the foundational stage where the focus is purely on getting the work done. Organizations operating at this level may do a good job but aren’t necessarily focused on strategic processes or continuous improvement.

Level 2: Managed

At this stage, projects begin to organize around more structured process frameworks. There’s an emphasis on ensuring that project activities are being properly managed and measured, signaling the beginning of continuous improvement efforts.

Level 3: Defined

Organizations at this level are taking a broader view, applying established processes across projects. There's a consistent use of enterprise metrics and regular adoption of continuous improvement techniques to enhance performance.

Level 4: Quantitatively Managed

Here, the use of statistical models comes into play, underpinning performance improvements through data and metrics. This level reflects a sophistication in process management, where decisions are informed by hard data.

Level 5: Optimizing

The pinnacle of CMMI maturity, where statistical process models are applied across all facets of the organization. This ensures continuous improvement processes are deeply embedded, leveraging data for overall organizational benefit.

From Level 1 to Level 5, it’s an evolutionary journey for organizations to mature their processes, aiming to maximize efficiency and effectiveness by utilizing data and structured practices.

Like this blog? Forward to your nearest engineering or software exec!
Jeff Dalton is a Certified Lead Appraiser, Certified CMMI Instructor, author, and consultant with years of real-world experience with the CMMI in all types of organizations. Jeff has taught thousands of students in CMMI trainings and has received an aggregate satisfaction score of 4.97 out of 5 from his students.

What is CMMI?

Visit www.broadswordsolutions.com for more information about running a successful CMMI program.
Visit CMMI-TV to see some cool videos about CMMI, Agile, and More.

Thursday, June 26, 2025

How CMMI can help with CMMC (and ISO) adoption

How CMMI V3.0 Could Help You Conquer CMMC V2.0 (Without Losing Your Sanity)

* Disclaimer: Jeff Dalton is a board member at CyberAB, and is precluded from delivering CMMC-related services for a period of 2 years after his term has ended. Broadsword neither sells nor markets CMMC services.

Struggling to maintain all of your government CERTS?

Okay, folks. Imagine this: You’ve just heard that the Cybersecurity Maturity Model Certification (CMMC) V2.0 is the latest must-have accessory for any defense contractor or supplier who wants to stay in the game. You might be thinking, “How do I make this work with all the other processes and certifications I already have?” Enter CMMI V3.0—the superhero of process improvement, here to help you survive this new world of cybersecurity compliance, without turning into a stressed-out puddle of nerves.

Here’s how CMMI could help you implement CMMC V2.0 like a pro—without the crying and hair-pulling.

1. Aligning Business and Cybersecurity: Because Who Wants to Juggle Two Different Worlds?

CMMI V3.0: This guy is all about linking process improvements to business outcomes like customer satisfaction, productivity, and those mythical things we call "efficiency."
CMMC V2.0: This one’s a bit more intense. Based on NIST 800-171, It’s got your back when it comes to safeguarding Controlled Unclassified Information (CUI). No one's stealing your secrets, buddy.

How CMMI V3.0 Can Help: Wouldn't it be nice if you didn’t have to choose between your business goals and cybersecurity? CMMI V3.0 can help you connect the dots between the two. It’s like setting up a dating profile for your business and cybersecurity goals. “Looking for mutual understanding, growth, and lots of collaboration.” CMMC's cybersecurity goals would seamlessly integrate into your broader strategy without breaking a sweat. Romantic, right?

2. Scalable Maturity Models: Because We All Want to Get Better, but Not Overnight

CMMI V3.0: Offers five levels of maturity, from “meh” to “wow, look at you go!” It’s a process of gradual improvement, one awkward baby step at a time.
CMMC V2.0: Same deal, but three levels—everything from “basic hygiene” (no, not THAT hygiene) to “advanced security practices” (aka your cybersecurity is so tight even James Bond would be impressed).

How CMMI V3.0 Can Help: CMMI V3.0 would let these two frameworks walk hand-in-hand, like an ideal couple. As your organization matures in CMMI, you can simultaneously level up your CMMC compliance. It’s like getting a gym buddy who shows up every day. Together, you’ll get stronger, more secure, and less likely to collapse in a heap.

3. Integrated Governance: For When Your Company Needs a Little “Tough Love”

CMMI V3.0: Governance is all about creating clear, documented processes and making sure everyone is following the rules. It’s like having a really strict librarian who checks over your shoulder to make sure you’re reading the right book.
CMMC V2.0: Requires you to establish strict governance over your cybersecurity efforts too. No, this doesn’t mean you get to be the "cybersecurity sheriff" at the office (but imagine the badge!).

How CMMI V3.0 Can Help: Imagine having the ultimate “cybersecurity watchdog” at your disposal. With CMMI V3.0, you get shiny new tools—like real-time dashboards and audit trails—that help keep track of all your compliance activities without breaking a sweat. No more scrambling through piles of paper or scrolling through endless email chains trying to prove you’ve got your act together.

4. Process Improvement for Cybersecurity: Because Even Cybersecurity Needs a Tune-Up

CMMI V3.0: This model is about making things work better. Think: better risk management, incident management, and configuration management. It’s like fixing up an old car—just with more spreadsheets.
CMMC V2.0: It’s the fancy new sports car that needs to be carefully maintained with precise cybersecurity practices. If something’s off, you’ll know it!

How CMMI V3.0 Can Help: You don’t need to treat CMMC like some separate thing. CMMI V3.0 would help you integrate cybersecurity directly into your everyday process improvement. It’s like having a mechanic who can not only fix the engine but also make sure it’s well-oiled for maximum performance. Incident management? Risk assessment? Check and check. You’ve got it all covered!

5. Documentation and Evidence: Because You Can’t Just Say You Did It (Spoiler: You Have to Prove It)

CMMI 3.0: We all know that good documentation is key—plans, procedures, metrics. Without it, you’re just a business without a paper trail. And that’s basically like being a superhero without a cape.
CMMC V2.0: You gotta document everything. Every incident response. Every access log. Every cybersecurity procedure, like you're preparing for a NASA mission.

How CMMI V3.0 Can Help: Imagine if CMMI V3.0 made documentation as easy as taking a selfie. (Okay, maybe not that easy, but close.) By helping you integrate cybersecurity documentation with your regular process improvement docs, CMMI V3.0 would make it a breeze to collect and organize the evidence you need for CMMC audits. No more scrambling at the last minute. You’ll look like the most organized person in the room. You're welcome!

6. Employee Training and Awareness: Because You Can’t Just Tell People, You Gotta Show Them

CMMI V3.0: Employee training is crucial. It’s like teaching your team the secret sauce of success—processes that everyone needs to follow to improve the company.
CMMC V2.0: If you think employee training for CMMI is tough, try training them in cybersecurity. We’re talking about protecting CUI, not the company coffee machine.

How CMMI V3.0 Can Help: Instead of making training feel like a boring lecture on a Friday afternoon, CMMI V3.0 could offer training modules that help employees learn about cybersecurity while also mastering process improvement. It’s a win-win—your team gets smarter about both CMMI and CMMC without the pain of attending yet another workshop.

7. Real-Time Monitoring and Feedback: So You Don’t Have to Guess How You’re Doing

CMMI V2.0: Gives you feedback in real-time, so you’re not left in the dark wondering how your process improvements are progressing.
CMMC V2.0: Requires you to constantly monitor cybersecurity efforts. Yes, it’s a lot of work, but think of it like a fitness tracker for your organization.

How CMMI V3.0 Can Help: With CMMI V3.0, you can track both your process maturity and your cybersecurity compliance in real time. It’s like having a GPS for your business—except it doesn't just tell you where you’re going, it tells you how fast you’re going, how much fuel you have left, and if you’ve passed the last exit for “Cybersecurity Best Practices.”

8. Integrating Cybersecurity and Risk Management: Because Cybersecurity Isn't Just a "Side Job" Anymore

CMMI V2.0 Risk Management: Think of CMMI as the thoughtful planner who sits down and evaluates risks from every angle—so nothing surprises you later.
CMMC V2.0 Risk Management: Requires a similar, but more intense, focus on cybersecurity risks—except now you have to be prepared for potential hackers and cyber threats that could derail your entire operation.

How CMMI V3.0 Can Help: With CMMI V3.0, you can bring your cybersecurity risk management into the broader enterprise-wide risk management framework. It’s like upgrading from a bicycle to a rocket ship. You’ll handle cybersecurity risks AND general business risks with the grace of a ballet dancer on roller skates.

Conclusion: CMMI V3.0—Your Ultimate Sidekick for Conquering CMMC V2.0

While CMMI V2.0 has already done wonders for organizations looking to implement CMMC V2.0, the potential of CMMI V3.0 could make the whole process feel less like a battle and more like a well-choreographed dance. With improved tools, real-time monitoring, and integrated frameworks, CMMI V3.0 can help you embrace CMMC compliance with open arms. And, let’s face it, in today’s world of cybersecurity, that’s about as close to superhero status as you’ll get.

So, strap in, folks. The future of CMMC V2.0 and CMMI V3.0 is looking brighter—and much less stressful—than ever before.

Wednesday, June 25, 2025

Are CMMI Appraisals really too expensive?

How NOT to pass a CMMI Appraisal

I love a good game of “bunchball.”

You’ve seen it: a dozen little Pelés chasing the soccer ball down the field, every one of them trying to score the goal that wins the game. Eventually, one fast kid breaks away, gets a clean shot, and—yippee!—saves the day with the only goal scored. The team wins.

Fun to watch? Absolutely. Championship-level play? Not quite.

Meanwhile, there’s always one kid who hangs back—playing defense, watching the field, covering the goal. Not chasing glory, just playing their role. That kid isn’t flashy, but they’re going places. Why? Because they’re playing the game, not just the moment.

Sound Familiar?

At recent CMMI events, there’s been growing concern that CMMI appraisals are too expensive. Attendees talk about thousands of hours spent preparing, assembling documents, and scrambling to “get ready.” The cost, some argue, far exceeds the benefit.

If that’s really true—yes, we should be concerned.

But it raises an important question: Are these organizations truly operating at the level they’re trying to appraise? Or are they just playing a high-stakes version of bunchball?

Visualizing the Problem

Anyone who knows me knows I love whiteboards. I’m a visual thinker, and I often sketch out problems to get clarity. One of my favorite drawings is a (very rough) cliff scene with two sets of stick figures:

One group is clawing their way up the cliff, fingernails barely holding on, shouting:
“Whooo hoooo! We MADE Level Three!”
The other group is already on top of the cliff, lifting barbells, stretching, and quietly saying:
“We ARE Level Three.”

Now tell me—which appraisal was “too expensive”?

It’s Cheaper to Be Great

Here’s the reality: appraisals only feel expensive when organizations aren’t truly performing at the level they’re aiming for.

If your team is spending months digging up “evidence,” assembling PIIDs, and creating artifacts from scratch just to meet the requirements—you’re not appraisal-ready. Not yet.

That doesn’t mean you’re not doing great work. It just means you haven’t built a systemic approach yet. You’re still chasing the ball around the field.

The Championship Analogy

Let’s imagine a school principal tells a youth soccer coach:

“You must win the league championship before the end of fiscal year 2014.”

The coach might:

Hire consultants to teach a few winning techniques from last year
Bring in “ringers” to fill key roles like goalie
Assign consultants to shadow players and correct every mistake
Lobby the league for friendly referees

Sure, they might win a few games. But when the season ends, they’re still just a bunchball team.

Now imagine a wiser coach replies:

“We’re not ready to win the championship yet, but we can have a winning season.”

And then that coach:

Trains and practices regularly
Teaches kids to play their positions and work as a unit
Brings in experts to build skills, not just win trophies
Puts players in roles suited to their strengths
Gets honest, unbiased feedback from referees

That’s how real champions are built. And it’s the same with organizations pursuing CMMI maturity.

Appraisals Aren’t the Problem—Readiness Is

CMMI is a global benchmark of excellence. If we want appraisals to mean something, they should be challenging. But they don’t have to be expensive.

If an organization is already operating at Maturity Level 2 or 3, proving it shouldn’t be painful. The cost of the appraisal is reasonable, because the behaviors are already present.

If you’re not quite there yet? Trying to appear ready can cost a fortune—and might still fall short.

“But What About All the Paperwork?”

Good question. Someone at a recent conference asked:

“Don’t document inventories take a huge amount of time?”

They can—but they shouldn’t.

In a well-run ML2 or ML3 organization, work products are well-managed. Strong Configuration and Data Management practices mean artifacts are easy to locate and demonstrate. There’s no need to compile huge inventories from scratch—because the data already exists in good order.

That means fewer headaches. Lower prep time. Lower cost.

The Bottom Line

CMMI appraisals are only expensive when you’re faking it. Not because the model is broken, but because the team isn’t ready.

It’s cheaper to be great than it is to fake it.

Focus on building capability. Develop your team. Play your positions. When you're truly performing at a high level, appraisals become proof—not a burden.

Feel free to leave me a question here or email me at AskMe@broadswordsolutions.com.

Like this blog? Forward to your nearest engineering or software exec!

What is CMMI?

Visit www.broadswordsolutions.com for more information about running a successful CMMI program.

Visit CMMI-TV to see some cool videos about CMMI, Agile, and More

Visit https://askthecmmiappraiser.blogspot.com/ to see the old (V2) Blog (lots of content!)

Monday, June 16, 2025

What does it mean when one of your customers asks you to become CMMI Level 3?

Hi Appraiser,

What does it mean when one of your customers asks you to become CMMI Level 3, or maybe even

Level 5? What are the differences between these levels?

Thanks for your help! ~Leval Uhp

Great Questions Leval!

Each of these levels has a specific meaning in the world of CMMI (Capability Maturity Model Integration).

The CMMI model includes anywhere between 19 and 21 practice areas, depending on the domain you

choose.

Whether you're at Level 1 or Level 5, all of these practice areas are included. The key difference lies in

which practices within each area are adopted and implemented ("practice groups") CMMI is a

comprehensive framework of best practices organized by Practice Area.

When we conduct an appraisal, we examine these Practice Areas, and the appropriate Practices within them

that correspond to Practice Group l - 5.

Let's break down each level:

**Level 1: Initial**

At Level 1, the focus is primarily on just getting the work done. There's little emphasis on continuous

improvement or organizational strategy. I instead, the aim is to accomplish tasks effectively, even though

practices may not be formalized.

**Level 2: Managed**

By the time an organization reaches Level 2, processes are more structured. Projects start to organize

themselves from a process standpoint by measuring performance and ensuring process adherence,

paving the way for continuous improvement within the CMMI framework.

**Level 3: Defined**

Level 3 takes a broader enterprise approach. Organizations at this stage implement processes and metrics

that apply enterprise-wide to ensure consistency and continuity across various projects. The regular

adoption of continuous improvement techniques becomes a priority for overall company performance

enhancement.

**Level 4: Quantitatively Managed**

Here, the focus shifts to using data-driven approaches to getting work done. Organizations develop

statistical process performance models to leverage data and statistics to drive performance improvements.

**Level 5: Optimizing**

At the pinnacle, Level 5, organizations apply quantitative Process Performance Models ("PPMs") across

selected processes within the product ora service lifecycle.

This level exemplifies a mature use of data and enterprise processes to enhance capabilities and processes

comprehensively.

So, the transition from Level 1 to Level 5 is an evolutionary journey. Starting at Level 1, organizations are

in the early stages of their continues improvement journey; by Level 5 they are fully mature, leveraging

data, enterprise metrics, and processes to their fullest potential.

Like this blog? Forward to your nearest engineering or software exec!

What is CMMI?

Visit www.broadswordsolutions.com for more information about running a successful CMMI program.

Visit CMMI-TV to see some cool videos about CMMI, Agile, and More

Visit https://askthecmmiappraiser.blogspot.com/ to see the old (V2) Blog (lots of content!)