
Introduction:
The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) provides a structured framework for organizations to evaluate and improve their threat intelligence processes, but traditional assessments often require expensive consultants and raise data privacy concerns. A new open-source tool now allows you to self-assess your CTI maturity entirely in your browser via a local-only web server—meaning your sensitive assessment data never leaves your machine, and you can even host it internally using Docker or Python.
Learning Objectives:
- Understand the CTI-CMM domains and how to score your organization’s current vs. target maturity.
- Deploy a privacy-preserving assessment tool locally using Docker, Docker Compose, or Python’s HTTP server.
- Leverage auto-saving, JSON data export/import, and planning features to prioritize improvements in your CTI program.
You Should Know:
1. Deploying the CTI-CMM Assessment Tool – Local & Secure
The tool from Cosive (online assessment at https://lnkd.in/g_SReequ) is also fully hostable via a GitHub repository (https://lnkd.in/gZU682Uq). Running it locally ensures no assessment data is transmitted over the network. Below are step‑by‑step guides for both Docker and lightweight Python methods.
Step‑by‑step: Docker deployment (Linux/macOS/WSL)
Prerequisites: Docker, Docker Compose, and make installed.

```bash
docker --version          # Verify Docker
docker-compose --version  # Verify Compose
make --version            # Verify make (pre-installed on macOS/Linux)

# Clone the repository (replace <repo-url> with the actual URL from the GitHub link)
git clone https://github.com/cosive/cti-cmm-assessment.git
cd cti-cmm-assessment

# Use the provided Makefile for easy start/stop
make start   # Builds and runs the containerized web server on localhost:8080
make stop    # Stops the container
```
For Windows without WSL, use Docker Desktop with PowerShell:
```powershell
git clone <repo-url>
cd cti-cmm-assessment
docker-compose up -d     # Access at http://localhost:8080
docker-compose down
```
Step‑by‑step: Python HTTP server (no Docker)
```bash
# Navigate to the directory containing index.html (after cloning)
cd cti-cmm-assessment
python3 -m http.server 8000 --bind 127.0.0.1
# Access via http://127.0.0.1:8000
```
This serves the tool only on localhost, blocking external access. On Windows, use `python -m http.server 8000` (ensure Python is in PATH).
2. Understanding the Assessment Interface & Data Privacy
Once the tool is running, your browser loads the CTI-CMM assessment. All scores, notes, and planning data are saved automatically to localStorage – no cookies, no external APIs. The web server is strictly local; even if you use Docker, the container binds to 127.0.0.1 by default.
How to verify no data leaves your machine:
- Open Developer Tools (F12) → Network tab. While scoring, you’ll see zero requests to external domains.
- The tool’s source code (available on GitHub) contains no tracking pixels or analytics.
- Export your assessment as a .json file – this file remains on your computer unless you share it manually.
3. Running the Assessment: Benchmark vs. Planning Mode
The tool offers two modes:
- Benchmark Mode – rate your current maturity across 11 CTI-CMM domains (e.g., Threat Intelligence Strategy, Collection, Analysis, Dissemination).
- Planning Mode – set target scores, impact, effort, and priority for each practice.
Step‑by‑step to conduct an assessment:
- On the main dashboard, click each domain to expand sub‑practices.
- For each practice, select a maturity level (0–5) using the dropdown.
- Toggle Planning Mode to enter target scores and rate improvement effort (1–5) and impact (1–5).
- The tool automatically calculates priority (impact × effort) and populates the Priorities Sheet where Target > Current.
Example of interpreting a score:
If your “Threat Intelligence Sharing” practice is at level 2 (repeatable) but your target is level 4 (managed), the Priorities Sheet helps you focus on that gap with the highest impact/effort ratio.
4. Advanced Data Management: Export, Import, and Backup
Because all data lives in browser storage, you can lose it if you clear your browser's site data. Use the built‑in data management features.
Exporting assessment data:
- Navigate to “Data Management” section.
- Click Export – the tool downloads a `cti_assessment.json` file containing all scores, notes, planning values, and metadata.
- Store this file in a secure location (e.g., encrypted drive or version‑controlled repository).
Importing data (for recovery or team review):
- After clicking Import, select your .json file. The tool merges the data.
- To share with a colleague, they must host the same tool locally and import the file.
Security note: The JSON is not encrypted by default. If it contains sensitive maturity information, consider encrypting it before transferring (e.g., using `gpg -c cti_assessment.json` on Linux or 7‑Zip on Windows with AES-256).
5. Hardening the Local Deployment for Team Assessments
For organizations that want a shared internal assessment server (e.g., for a red team or CTI group), you can harden the Docker deployment.
Step‑by‑step hardening (Linux host):
1. Bind to a specific internal IP only (not 0.0.0.0):

```bash
docker run -d -p 10.0.0.5:8080:80 --name cti-cmm cti-cmm-image
```

2. Add HTTP basic authentication using an Nginx reverse proxy:

```bash
sudo apt install apache2-utils
htpasswd -c /etc/nginx/.htpasswd cti_user
# Configure nginx to proxy to the container and require auth
```

3. Restrict access by firewall (allow only the internal subnet):

```bash
sudo ufw allow from 10.0.0.0/24 to any port 8080 proto tcp
sudo ufw deny 8080
```
For Windows (advanced), use IIS with URL Rewrite and IP restrictions, or run the container in WSL2 with a Hyper‑V internal switch.
6. Mitigating Common Deployment Issues & Commands
| Issue | Linux/macOS Solution | Windows Solution |
|---|---|---|
| Port already in use | `sudo lsof -i :8000` then `kill` | |
| Docker permission denied | `sudo chmod 666 /var/run/docker.sock` (temporary) or add user to `docker` group | Run PowerShell as Administrator |
| `make` not found | `sudo apt install make` (Debian) / `brew install make` (macOS) | Install via WSL or Chocolatey: `choco install make` |
| LocalStorage cleared accidentally | Use Export/Import regularly; schedule cron job to backup `~/.config/google-chrome/Default/Local Storage/` | Use Chrome’s “Bookmarks & Settings” sync or manual JSON export |
7. From Assessment to Action: Integrating Results into Your CTI Program
The tool’s output is a prioritized list of improvements. Here’s how to operationalize it:
Step‑by‑step improvement planning:
- Export the JSON and load it into a data analysis tool (e.g., pandas in Python):

```python
import json

with open('cti_assessment.json') as f:
    data = json.load(f)

# Keep only practices where the target maturity exceeds the current score
priorities = [p for p in data['practices'] if p['target'] > p['current']]
# Highest priority value first
sorted_priorities = sorted(priorities, key=lambda x: x['priority'], reverse=True)
print("Top 3 focus practices:", sorted_priorities[:3])
```

- For each high‑priority practice, create a remediation ticket with timeline and owner.
- Re‑assess quarterly using the same tool to measure progress (import previous JSON as baseline).
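The following is an added example, not code from the post or from Cosive's tool. It carries the planning steps above through: it rebuilds the Priorities Sheet from an exported assessment using the formula the post states (priority = impact × effort, listed only where Target > Current), validates the 0–5 and 1–5 ranges, and compares a current export against a previous quarter's baseline to measure progress. The export layout (a `practices` list with `domain`, `name`, `current`, `target`, `impact`, `effort` keys) is an assumption extended from the keys in the snippet above; the practice names and scores are constructed sample data.

```python
"""Added example (not part of the post or the Cosive tool): rebuild the
Priorities Sheet from an exported assessment and compare it to a baseline.

ASSUMPTION: the export is a JSON object with a 'practices' list whose entries
carry 'domain', 'name', 'current', 'target', 'impact' and 'effort'. Real
exports may differ; adjust the keys accordingly. All sample data is constructed."""
import json

# Constructed sample export mimicking cti_assessment.json (layout assumed)
CURRENT_EXPORT = json.dumps({
    "practices": [
        {"domain": "Dissemination", "name": "Threat Intelligence Sharing",
         "current": 2, "target": 4, "impact": 5, "effort": 3},
        {"domain": "Collection", "name": "Source Management",
         "current": 3, "target": 3, "impact": 4, "effort": 2},
        {"domain": "Analysis", "name": "Analytic Tradecraft",
         "current": 1, "target": 3, "impact": 4, "effort": 4},
        {"domain": "Threat Intelligence Strategy", "name": "Stakeholder Requirements",
         "current": 2, "target": 3, "impact": 3, "effort": 1},
    ]
})

# Constructed baseline export from a previous assessment (same assumed layout)
BASELINE_EXPORT = json.dumps({
    "practices": [
        {"domain": "Dissemination", "name": "Threat Intelligence Sharing",
         "current": 1, "target": 4, "impact": 5, "effort": 3},
        {"domain": "Analysis", "name": "Analytic Tradecraft",
         "current": 1, "target": 3, "impact": 4, "effort": 4},
    ]
})


def validate_practice(p):
    """Return an error string if a practice entry is malformed, else None.
    Maturity levels are 0-5; effort and impact are 1-5, as the tool's UI uses."""
    for key in ("name", "current", "target", "impact", "effort"):
        if key not in p:
            return f"missing key {key!r}"
    for key in ("current", "target"):
        if not (isinstance(p[key], int) and 0 <= p[key] <= 5):
            return f"{key} must be an integer 0-5"
    for key in ("impact", "effort"):
        if not (isinstance(p[key], int) and 1 <= p[key] <= 5):
            return f"{key} must be an integer 1-5"
    return None


def priorities_sheet(export_json):
    """Practices with Target > Current, each with gap and priority = impact x effort
    (the post's stated formula), sorted highest priority first (gap breaks ties)."""
    data = json.loads(export_json)
    rows = []
    for p in data.get("practices", []):
        err = validate_practice(p)
        if err:
            raise ValueError(f"{p.get('name', '?')}: {err}")
        if p["target"] > p["current"]:
            rows.append({**p, "gap": p["target"] - p["current"],
                         "priority": p["impact"] * p["effort"]})
    return sorted(rows, key=lambda r: (r["priority"], r["gap"]), reverse=True)


def progress_since(baseline_json, current_json):
    """Map practice name -> change in current score versus the baseline export;
    only practices present in both exports and whose score changed are reported."""
    base = {p["name"]: p["current"] for p in json.loads(baseline_json)["practices"]}
    deltas = {}
    for p in json.loads(current_json)["practices"]:
        if p["name"] in base and p["current"] != base[p["name"]]:
            deltas[p["name"]] = p["current"] - base[p["name"]]
    return deltas


if __name__ == "__main__":
    for r in priorities_sheet(CURRENT_EXPORT):
        print(f"priority={r['priority']:>2} gap={r['gap']} {r['domain']} / {r['name']}")
    print("Progress since baseline:", progress_since(BASELINE_EXPORT, CURRENT_EXPORT))
```

Replace the two embedded JSON strings with `open('cti_assessment.json').read()` and the previous quarter's file to run this against real exports; `validate_practice` will raise on an entry whose keys differ from the assumed layout rather than silently miscomputing priorities.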
Example command to verify your deployment is truly local:
On Linux, run `ss -tulpn | grep 8000` – you should see `127.0.0.1:8000` or `[::1]:8000`. Any other IP indicates exposure.
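As an added example (not from the post or the Cosive project), the check above can be automated: the script parses `ss -tulpn` output and reports any LISTEN socket on the assessment port whose local address is not a loopback address, handling the IPv6 `[::1]` form, `0.0.0.0` and the `*` wildcard. The `ss` output embedded below is constructed sample data; when run on a Linux host it calls the real `ss` and falls back to the sample where `ss` is unavailable. For the hardened team deployment, a listener on the internal IP (e.g. `10.0.0.5`) is expected and will be reported, which is the point of the check: only loopback is silent.

```python
"""Added example (not part of the post or the Cosive tool): flag listeners on
the assessment port that are bound to anything other than loopback.
SAMPLE_SS_OUTPUT is constructed to resemble `ss -tulpn` output."""
import ipaddress
import re

# Constructed sample: loopback IPv4 and IPv6 listeners on 8000 (safe), plus a
# container port exposed on all interfaces on 8080 (flagged).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      5      127.0.0.1:8000      0.0.0.0:*         users:(("python3",pid=4242,fd=3))
tcp   LISTEN 0      5      [::1]:8000          [::]:*            users:(("python3",pid=4243,fd=3))
tcp   LISTEN 0      4096   0.0.0.0:8080        0.0.0.0:*         users:(("docker-proxy",pid=5150,fd=4))
tcp   LISTEN 0      4096   *:8080              *:*               users:(("docker-proxy",pid=5151,fd=4))
"""

# ss prints IPv6 as [addr]:port (optionally with a %scope), IPv4 as addr:port,
# and the any-address wildcard as *:port.
LOCAL_ADDR_RE = re.compile(
    r"^(?:\[(?P<v6>[0-9a-fA-F:]*)\]|(?P<v4>[0-9.]+|\*))(?:%\w+)?:(?P<port>\d+)$"
)


def parse_local_address(field):
    """Split an ss 'Local Address:Port' field into (host, port); '*' means all interfaces."""
    m = LOCAL_ADDR_RE.match(field)
    if not m:
        return None
    host = m.group("v6") if m.group("v6") is not None else m.group("v4")
    return host, int(m.group("port"))


def is_loopback(host):
    """True only for 127.0.0.0/8 or ::1; wildcards and unparsable hosts are not loopback."""
    if host in ("*", ""):
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def exposed_listeners(ss_output, port):
    """Return the local address fields of LISTEN sockets on `port` not bound to loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[1] != "LISTEN":
            continue  # skips the header line and non-listening sockets
        parsed = parse_local_address(fields[4])
        if parsed is None:
            continue
        host, p = parsed
        if p == port and not is_loopback(host):
            exposed.append(fields[4])
    return exposed


if __name__ == "__main__":
    import subprocess
    import sys

    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8000
    try:
        output = subprocess.run(["ss", "-tulpn"], capture_output=True,
                                text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        output = SAMPLE_SS_OUTPUT  # no ss on this host: demonstrate on the sample
    hits = exposed_listeners(output, port)
    if hits:
        print(f"port {port} is reachable beyond loopback on: {', '.join(hits)}")
    else:
        print(f"port {port}: loopback only")
```

Run it as `python3 check_local.py 8000` after starting the Python server, or with `8080` after `make start`; an empty result confirms the binding the post describes, and anything else is the address you should reconsider or deliberately restrict with the firewall rules from section 5.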
What Undercode Say:
- Key Takeaway 1: The CTI-CMM assessment tool empowers organizations to self‑evaluate without third‑party data leakage, leveraging browser‑only storage and a local web server.
- Key Takeaway 2: Docker and Python deployment methods are straightforward, but security hardening (binding to localhost, adding authentication) is essential if you expose the tool to a team network.
The rise of open‑source, privacy‑by‑design assessment tools reflects a broader shift in cybersecurity – away from vendor‑locked, cloud‑centric solutions and toward locally executable, transparent code. For CTI practitioners, this means being able to benchmark maturity against frameworks like CTI-CMM without fear of leaking threat intelligence sources, TTPs, or organizational gaps. However, the tool’s reliance on browser localStorage means that users must actively manage backups (Export JSON) to avoid losing improvement roadmaps. Future iterations could integrate encrypted cloud sync with zero‑knowledge proofs, but the current version already sets a high bar for accessible, compliant self‑assessment. As more frameworks adopt similar open‑source tooling, expect a decline in expensive consultancy assessments and a rise in continuous, data‑sovereign maturity tracking.
Prediction:
Within 12 months, we will see multiple organizations fork this CTI-CMM tool to add automated evidence collection (e.g., parsing SIEM logs to pre‑fill scores) and collaborative assessment features using end‑to‑end encrypted peer review. The shift toward local‑first security tooling will accelerate, especially for regulated industries (finance, healthcare, defense) that cannot risk sending maturity data to external SaaS platforms. Cosive’s decision to release both hosted and self‑hosted options may become the standard model for selling “assessments as a service” without sacrificing customer trust.
Reported By: Mthomasson Evaluating – Hackers Feeds