Capability maturity model
What Is the Capability Maturity Model?
The Capability Maturity Model (CMM) is a framework for assessing and improving the processes used to develop, acquire, and maintain software and other engineered products. Developed at the Software Engineering Institute (SEI) at Carnegie Mellon University in the mid-1980s under U.S. Department of Defense sponsorship, it provides a structured progression of process improvement levels through which organizations can move from ad hoc, unpredictable practices toward disciplined, quantitatively managed, and continuously improving operations. The framework has since evolved into the Capability Maturity Model Integration (CMMI), which extends coverage beyond software to include systems engineering, hardware acquisition, and service delivery.
The CMM draws from quality management traditions established by W. Edwards Deming and Philip Crosby, adapting process maturity concepts to the specific challenges of large-scale software development. Its primary contribution is making process improvement measurable: organizations can be formally appraised and assigned a maturity level, which functions as a signal of process capability to customers and government contracting agencies.
Maturity Levels and Process Areas
The staged representation of CMMI defines five maturity levels. Level 1 (Initial) describes processes that are unpredictable and reactive, succeeding through individual heroics rather than repeatable practice. Level 2 (Managed) introduces project-level management disciplines, ensuring that requirements, schedules, and commitments are tracked. Level 3 (Defined) establishes organizational-level standard processes from which project teams tailor their local procedures, enabling consistency across projects and improving both software performance and reusability of process assets. Level 4 (Quantitatively Managed) applies statistical process control to key process areas, establishing quantitative baselines and tolerances. Level 5 (Optimizing) uses these measurements to drive systematic process innovation and defect prevention. As documented in the original SEI Capability Maturity Model technical report, each level is characterized by specific Key Process Areas (KPAs) whose goals and practices must be institutionalized before advancement.
Continuous Representation and CMMI
The Capability Maturity Model Integration (CMMI) introduced a continuous representation alongside the staged representation. In the continuous model, organizations select specific process areas for improvement independently, expressing each at a capability level from 0 to 3, rather than being required to satisfy all process areas at a given tier before advancing. This allows organizations with uneven practices or domain-specific priorities to improve targeted areas without conforming to a uniform maturity profile. CMMI v2.0, released in 2018 by the CMMI Institute, reorganized process areas into practice groups and introduced a simplified ten-level performance rating scale for appraisals, reducing complexity while maintaining the core principle of progressive institutionalization.
Process Appraisal
Formal appraisal against CMMI is conducted by certified lead appraisers using the Standard CMMI Appraisal Method for Process Improvement (SCAMPI). A SCAMPI Class A appraisal, the most rigorous tier, results in an official maturity or capability level rating that is entered into a publicly accessible appraisal database maintained by the CMMI Institute. Organizations seeking U.S. Department of Defense contracts or ISO-aligned quality certifications frequently use CMMI ratings as evidence of process governance. The appraisal process examines document artifacts, interviews practitioners, and verifies that defined processes are actually followed rather than merely documented. Research published through IEEE Xplore on software process improvement has consistently found correlations between higher CMMI levels and improved schedule predictability and defect density reduction.
Applications
The Capability Maturity Model has applications in a range of fields, including:
- Government and defense software acquisition quality assurance
- Commercial software product development and quality management
- Systems engineering program management in aerospace and defense
- IT service management and outsourcing contract evaluation
- Process benchmarking across development organizations