The Data Security Capability Maturity Model for Information Security Technology (GB/T 37988-2019) (hereinafter referred to as "DSMM") is a national standard jointly developed by Alibaba, China Electronics Standardization Institute, National Information Security Engineering Technology Research Center, China Information Security Evaluation Center and other authoritative institutions in the industry. It was released on August 30, 2019 and officially implemented on March 1, 2020.
DSMM certification aims to evaluate an organization's ability in data security. Centered around the data collection, transmission, storage, processing, exchange, and destruction lifecycle of the organization, the data security capability of the organization is evaluated from four capability dimensions: organizational construction, institutional processes, technical tools, and personnel capabilities, according to maturity levels 1-5 (1. informal execution; 2. plan tracking; 3. sufficient definition; 4. quantitative control; 5. continuous optimization). DSMM assessment is conducted on an organizational basis, centered around data, and centered around the lifecycle of data. It evaluates four capability dimensions: organizational development, institutional processes, technical tools, and personnel capabilities, covering five maturity levels, 30 data security capability process areas, and 576 basic practices.