CISSP – Information Systems Security Management Professional (ISSMP) — Question 25

Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

Answer options

• A. Managed level
• B. Defined level
• C. Fundamental level
• D. Repeatable level

Correct answer: C

Explanation

The correct answer is C, as the Software Capability Maturity Model (CMM) includes levels such as Managed, Defined, and Repeatable, but does not recognize 'Fundamental' as a valid maturity level. The other options are established terms used to describe various stages of process maturity in the CMM framework.