Which model focuses on processes and behaviors used during software development and assigns maturity levels from 1 to 5?

• A. Capability Maturity Model Integration (CMMI)
• B. National Institute of Standards and Technology (NIST)
• C. Common Criteria (CC)
• D. Cloud Security Alliance STAR (CSA STAR)

Answer: (A)

The model described is a process maturity framework for software development that assigns levels from 1 to 5 based on how well an organization manages and improves its processes. This is characteristic of the Capability Maturity Model Integration (CMMI). CMMI focuses on how teams design, implement, measure, and continually improve their development processes, not just the final product. Each level represents a higher degree of process capability and predictability, from making do with ad hoc practices to using defined, quantitatively controlled processes and ongoing optimization. In practice, organizations use CMMI to assess process maturity, guide improvements, and benchmark against best practices across development activities.

Other options don’t fit this description: NIST provides cybersecurity standards and frameworks rather than a maturity-level model for software processes; Common Criteria evaluates product security functionality and assurance levels (not development process maturity); CSA STAR is a cloud security assurance program, not a general software development process maturity model.