CTI-CMM Self-Assessment

Ready to take your CTI program to the next level?

No matter where you are on your CTI journey, it’s good to have an understanding of the gaps in your program. This questionnaire is a lightweight self-assessment built on the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM v1.3) that offers a quick, structured way to reflect on your current capabilities. Select the answer that best describes where your program stands today. The whole assessment takes around 10–15 minutes.

At the end, you’ll receive an overall maturity tier, a plain-language evaluation of what that means for your program, a view of your highest-priority gaps, and five concrete next steps to take your maturity to the next level.

What We’re Providing You: a CTI Maturity Pulse Check

The CTI-CMM is a fantastic, community-driven framework designed to give security teams a clear roadmap for improving how they support their wider business. As active community participants and strong advocates for the model, Intel 471 is proud to be the sole sponsor of the CTI-CMM. We created this streamlined version to make the community’s framework more accessible for busy practitioners who want to kickstart their internal planning.

Here is how this assessment compares to the official benchmarking process:

| Feature | This Quick Self-Assessment | Official CTI-CMM Tool |
| --- | --- | --- |
| Time to Complete | 10–15 minutes | ~2 hours |
| Depth | 12 representative questions | 195 detailed practice statements |
| Scoring Maximum | 36 points | 585 points |
| Best Used For | Quick health check, spotting immediate gaps, and starting internal conversations with stakeholders. | Formal, bi-annual benchmarking, maturity rating, and deep budget defence. |
| Cost | Free | Free |

This assessment distills each of the 11 domains of the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) into a single representative question with answer options mapped to the model’s maturity scale. Treat the resulting tiers and guidance as directional indicators, not a definitive maturity rating. Use the assessment to identify domains that warrant closer examination and to prepare for a more thorough assessment using the official CTI-CMM self-assessment tool.

A Note on Scoring and Tiers

Treat this questionnaire as a pulse check that will help you identify your “right-sized” maturity. The goal isn’t chasing perfection across all 11 domains, but establishing where your programme sits today so that you can have productive conversations on where your organization can focus and prioritize efforts.

Depending on your business model, some domains may be less relevant to your business. A multinational financial institution might genuinely require optimised, fully automated capabilities across all 11 domains. However, a lean security team in a mid-sized enterprise might only need repeatable, well-integrated processes in a select few areas, such as vulnerability management or incident response, to be incredibly successful. Scoring lower in non-relevant areas is okay; trying to force those processes into your programme simply to tick a box is a waste of valuable resources.