A Comparison of American and Moroccan Governmental Security Approaches

  • Rabii AnassEmail author
  • Assoul Saliha
  • Ouazzani Touhami Khadija
  • Roudiès Ounsa
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 111)


In a time where security is paramount, maturity models enable institutions to evaluate their security level and elucidate paths for improvement. Security maturity evaluation is more critical and challenging for governments in order to ensure the safety of critical infrastructure and their citizens. In this paper, we analyze and compare two governmental security approaches that of Morocco and USA. We aim to outline the common features, best practices and showcase them in their respective contexts. We started by analyzing legacy maturity models to extract comparison criteria relative to their main functions, key components, and implementation mechanics. We added a context category to reflect the approach’s legal status and the country’s resources. We then evaluate the two approaches and showcase the difference based on means of assessment and guidance, we analyze how governmental structure influences the approaches’ mandatory status. We then discuss our findings explaining why each approach is more appropriate considering context.


E-government Maturity model Information security Cyber security Morocco USA Community Cyber Security Maturity Model CCSMM Directive Nationale en Securité des Systèmes d’Information DNSSI ISO 27002 


  1. 1.
    Humphrey, W.S.: CMM. IEEE (1989)Google Scholar
  2. 2.
    Le, N.T.: Can maturity models support cyber security. In: IPCCC. IEEE (2016)Google Scholar
  3. 3.
    Karokola, G., Yngstrom, L.: Discussing E-government maturity models for developing world-security view (2009)Google Scholar
  4. 4.
    Rabii, A., Assoul, S., Ouazzani, K., Roudiès, O.: Cyber security maturity models: a systematic literature review (2018, to appear)Google Scholar
  5. 5.
    CIAS: The community cyber security maturity model. In: 6th Annual Security Conference (2007)Google Scholar
  6. 6.
    Clark, R.M., Hakim, S.: Cyber-physical security: protecting critical infrastructure at the state and local level, pp. 161–183. Springer (2017)Google Scholar
  7. 7.
    Directive Nationale de la Sécurité des Systèmes d’Information.
  8. 8.
  9. 9.
    SSE-CMM: System Security Engineering Capability Maturity Model® SSE-CMM®, Model Description, Document: Version 3.0, Carnegie Melon UniversityGoogle Scholar
  10. 10.
  11. 11.
  12. 12.
  13. 13.
  14. 14.
  15. 15.
    Rabii, M.: Director of MaCert, May 2018. Personal interviewGoogle Scholar
  16. 16.
    Von Solms, S.H.: A maturity model for part of the african union convention on cyber security. In: Science and Information Conference (2015)Google Scholar
  17. 17.
    Karabacak, B., Ozkan, S., Baykal, N.: A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness. IJCIP 15, 47–59 (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Rabii Anass
    • 1
    Email author
  • Assoul Saliha
    • 2
  • Ouazzani Touhami Khadija
    • 2
  • Roudiès Ounsa
    • 1
  1. 1.Univ. Mohammed V-Rabat, EMI, Siweb Team, E3SRabatMorocco
  2. 2.Univ. Mohammed V-Rabat, ENSMR, Siweb Team, E3SRabatMorocco

Personalised recommendations