What is the primary objective of CMMI?

CMMI's primary objective is to provide a structured framework for process improvement, enabling organizations to institutionalize repeatable practices that enhance predictability, quality, and performance across development, services, and acquisition. It organizes Practice Areas into Capability Areas and 6 Maturity Levels (0-5), focusing on institutionalization through Governance (GOV) and Implementation Infrastructure (II) practices.

Who is legally or professionally required to comply with CMMI?

No organizations are legally required to comply with CMMI, as it is a voluntary performance improvement model, but it is often contractually mandated in U.S. DoD contracts and certain public procurements. Professionally, software contractors, defense suppliers, and firms bidding on regulated tenders (e.g., aerospace, medical devices) pursue CMMI Maturity Levels for eligibility, with ISACA/CMMI Institute authorizing appraisals via certified partners.

Does CMMI require an external audit or third-party certification?

CMMI requires formal Benchmark Appraisals led by authorized Lead Appraisers for official Maturity Level ratings, functioning as external benchmarks. Evaluation Appraisals support internal evaluations; results are published only from Benchmark Appraisals, conducted by ISACA-authorized teams reviewing objective evidence of practices across the scoped Practice Areas.

How often should an assessment for CMMI be performed?

CMMI assessments via Benchmark Appraisals should be performed at key implementation milestones, with sustainment appraisals recommended every 2-3 years post-rating to verify ongoing institutionalization. Initial gap analyses use Evaluation Appraisals (diagnostic and readiness) before Benchmark Appraisals; frequency aligns with IDEAL improvement cycles and business needs like contract renewals.

What are the consequences of non-compliance with CMMI?

Non-compliance with CMMI results in lost contract opportunities, bid disqualifications, and operational risks like schedule overruns, rather than legal penalties since it is voluntary. In DoD or regulated procurements mandating specific Maturity Levels (e.g., ML3), failure excludes organizations from awards, potentially costing millions in revenue, with no direct fines but indirect impacts like reputational damage.

Can CMMI be mapped to other international frameworks?

Yes, CMMI can be formally mapped to frameworks like ISO/IEC 330xx (successor to SPICE 15504), with demonstrated OWL ontologies enabling automated capability inferences. v2.0 Practice Areas align with Agile/DevOps via tailored implementations (e.g., Requirements Development and Management to sprint backlogs), supporting interoperability without prescribing specific methodologies.

What is the first step to begin implementing CMMI?

The first step is securing executive sponsorship and conducting a baseline gap analysis using an Evaluation Appraisal or CMMI-AM self-assessment against target Maturity Levels. This defines scope (staged vs. continuous), prioritizes high-impact Practice Areas (e.g., Requirements Management, Configuration Management), and produces a prioritized roadmap per the IDEAL model (Initiating/Diagnosing phases).

What is the primary objective of AS9120B?

AS9120B establishes a quality management system (QMS) for organizations that procure, store, split, and resell aerospace parts without altering product characteristics. Built on ISO 9001:2015’s 10-clause structure, it adds over 100 aerospace-specific requirements addressing distribution risks like loss of traceability, counterfeit parts, documentation errors, and external provider controls. The standard ensures chain-of-custody integrity through operational controls in Clause 8, including identification/traceability (8.5.2), counterfeit prevention (8.1.4), and preservation (8.5.4), enabling distributors to meet OEM supply chain expectations.

Who is legally or professionally required to comply with AS9120B?

AS9120B applies to stockist distributors, pass-through distributors, and those performing batch splitting in aviation, space, and defense sectors. It targets organizations procuring, storing, and reselling parts without modification, excluding value-added activities like machining or MRO. Certification is not legally mandatory but commercially required by major OEMs and primes for supplier approval, with thousands of global certifications as of 2026, listing in IAQG’s OASIS database.

Does AS9120B require an external audit or third-party certification?

AS9120B requires third-party certification through accredited registrars via Stage 1 (documentation) and Stage 2 (implementation) audits per AS9101G. Certification demonstrates QMS conformity, with ongoing surveillance audits annually and recertification every three years. Internal audits (Clause 9.2) provide evidence of effectiveness, but external certification by IAQG-recognized bodies is essential for OASIS listing and market access.

How often should an assessment for AS9120B be performed?

AS9120B requires internal audits at planned intervals to cover all processes annually (Clause 9.2). Management reviews occur at planned intervals (Clause 9.3), typically quarterly or semi-annually, evaluating performance trends, risks, and supplier data. External surveillance audits occur annually post-certification, with full recertification every three years, ensuring continual improvement and risk-based verification.

What are the consequences of non-compliance with AS9120B?

Non-compliance with AS9120B risks exclusion from OEM supply chains, contract termination, and reputational damage. Lacking certification prevents OASIS listing and prime approvals; audit failures lead to major nonconformities in traceability, counterfeit controls, or supplier evaluation, incurring remediation costs, repeated audits, and potential legal liabilities from safety incidents or recalls due to nonconforming parts.

Can AS9120B be mapped to other international frameworks?

AS9120B aligns directly with ISO 9001:2015 via its 10-clause high-level structure, enabling seamless mapping. It incorporates all ISO requirements as baseline, augmented by aerospace additions like counterfeit prevention and traceability, facilitating integrated management systems without clause conflicts. Organizations with ISO 9001 can transition by addressing AS9120B-specific operational controls.

What is the first step to begin implementing AS9120B?

The first step is conducting a formal gap analysis against AS9120B clauses using a certified checklist. Assemble a cross-functional team to map current processes to Clauses 4-10, justify scope and “not applicable” determinations (e.g., Clause 8.3 design), prioritize distributor risks like traceability and suppliers, and produce a risk-registered implementation plan with leadership commitment.

Standards Comparison

CMMI vs AS9120B

CMMI

Voluntary

2023

Process improvement framework with maturity levels 0-5

AS9120B

Mandatory

2016

Aerospace QMS standard for distributors ensuring traceability.

Quick Verdict

CMMI drives process maturity for predictable delivery across industries, while AS9120B ensures aerospace distributor QMS with traceability and counterfeit controls. Companies adopt CMMI for performance gains; AS9120B for supply chain access and compliance.

Process Maturity

CMMI

Capability Maturity Model Integration (CMMI)

Cost

€€€€

Complexity

Medium

Implementation Time

12-18 months

Key Features

Defines 6 maturity levels for organizational progression
Organizes 25 practice areas into 4 categories
Uses Benchmark appraisals for objective benchmarking
Institutionalizes processes via Governance and Implementation Infrastructure
Integrates with Agile, DevOps methodologies seamlessly

Quality Management

AS9120B

AS9120B: Quality Management Systems - Distributors

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Counterfeit and suspected unapproved parts prevention
Robust traceability and chain-of-custody controls
Enhanced external provider evaluation and flowdown
Configuration management for sales orders
Risk-based operational planning for distribution

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

CMMI Details

What It Is

Capability Maturity Model Integration (CMMI) is a performance improvement framework for process maturity. It provides a structured approach to enhance organizational capability in development, services, and acquisition through maturity levels and practice areas.

Key Components

**4 Category AreasDoing, Managing, Enabling, Improving.
25 Practice Areas like Requirements Development, Configuration Management.
6 Maturity Levels (0-5) from Incomplete to Optimizing.
Governance and Implementation Infrastructure for institutionalization; Benchmark appraisals for certification.

Why Organizations Use It

Improves predictability, reduces rework, boosts quality.
Meets contract requirements in defense, regulated sectors.
Builds stakeholder trust via benchmarked maturity ratings.
Enables competitive advantages through measurable ROI.

Implementation Overview

Phased approach: assessment, piloting, rollout, appraisal.
Applies to mid-to-large organizations in IT, software, services.
Involves training, tooling, change management; Benchmark appraisals for official ratings.

AS9120B Details

What It Is

AS9120B is the IAQG quality management system standard for aerospace distributors, based on ISO 9001:2015's high-level structure. It specifies requirements for organizations procuring, storing, splitting, and reselling parts without altering characteristics, emphasizing risk-based thinking to address distribution risks like traceability loss and counterfeits.

Key Components

Over 100 aerospace-specific additions to ISO 9001 across 10 clauses.
Core areas: context analysis, leadership, planning, support, operations (traceability, counterfeit prevention, external providers), performance evaluation, improvement.
Built on PDCA cycle; certification via accredited bodies with OASIS listing.

Why Organizations Use It

Commercial necessity for OEM/Tier-1 supply chains.
Mitigates risks of nonconformities, counterfeits, legal liabilities.
Enhances market access, customer trust, operational efficiency.

Implementation Overview

Phased approach: gap analysis, process design, training, audits (6-12 months).
Applies to aviation/space/defense distributors globally; multi-site scalable.

Key Differences

Aspect	CMMI	AS9120B
Scope	Process improvement across development, services, acquisition	Aerospace distribution QMS, traceability, counterfeit prevention
Industry	Cross-industry, software, IT, defense globally	Aerospace distributors worldwide, aviation/space/defense
Nature	Voluntary maturity framework with appraisals	Certification standard based on ISO 9001:2015
Testing	SCAMPI appraisals (A/B/C) by certified appraisers	Certification audits (Stage 1/2), surveillance audits
Penalties	Loss of maturity rating, no legal penalties	Certification revocation, market exclusion, no fines

Scope

CMMI

Process improvement across development, services, acquisition

AS9120B

Aerospace distribution QMS, traceability, counterfeit prevention

Industry

CMMI

Cross-industry, software, IT, defense globally

AS9120B

Aerospace distributors worldwide, aviation/space/defense

Nature

CMMI

Voluntary maturity framework with appraisals

AS9120B

Certification standard based on ISO 9001:2015

Testing

CMMI

SCAMPI appraisals (A/B/C) by certified appraisers

AS9120B

Certification audits (Stage 1/2), surveillance audits

Penalties

CMMI

Loss of maturity rating, no legal penalties

AS9120B

Certification revocation, market exclusion, no fines

Frequently Asked Questions

Common questions about CMMI and AS9120B

CMMI FAQ

AS9120B FAQ

You Might also be Interested in These Articles...

ISO 27701 Implementation Roadmap: Step-by-Step Guide for Extending Your ISO 27001 ISMS to PIMS

Extend ISO 27001 ISMS to ISO 27701 PIMS with this step-by-step roadmap. Master role-specific controls, avoid pitfalls, meet certification evidence needs for pri

The Regulatory Radar: How Data-Driven Compliance Tools Provide Strategic Foresight

Unlock strategic foresight with data-driven compliance tools. Act as your regulatory radar: real-time monitoring, automated insights, and 3x cost cuts. Anticipa

SEC Cybersecurity Rules Implementation Guide: Mastering Form 8-K Item 1.05 Materiality Determination and 4-Business-Day Reporting Workflow

Master SEC Form 8-K Item 1.05 compliance with step-by-step materiality assessment, incident workflows & Inline XBRL tagging. Beat the 4-business-day clock. Esse

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how CMMI and AS9120B compare against other standards

Other CMMI Comparisons

Other AS9120B Comparisons

What It Is

Key Components

**4 Category AreasDoing, Managing, Enabling, Improving.
25 Practice Areas like Requirements Development, Configuration Management.
6 Maturity Levels (0-5) from Incomplete to Optimizing.
Governance and Implementation Infrastructure for institutionalization; Benchmark appraisals for certification.

Why Organizations Use It

Improves predictability, reduces rework, boosts quality.
Meets contract requirements in defense, regulated sectors.
Builds stakeholder trust via benchmarked maturity ratings.
Enables competitive advantages through measurable ROI.

Implementation Overview

Phased approach: assessment, piloting, rollout, appraisal.
Applies to mid-to-large organizations in IT, software, services.
Involves training, tooling, change management; Benchmark appraisals for official ratings.

What It Is

Key Components

Over 100 aerospace-specific additions to ISO 9001 across 10 clauses.

Core areas: context analysis, leadership, planning, support, operations (traceability, counterfeit prevention, external providers), performance evaluation, improvement.

Built on PDCA cycle; certification via accredited bodies with OASIS listing.

Aspect

CMMI

AS9120B

Scope

Process improvement across development, services, acquisition

Aerospace distribution QMS, traceability, counterfeit prevention

Industry

Cross-industry, software, IT, defense globally

Aerospace distributors worldwide, aviation/space/defense

Nature

Voluntary maturity framework with appraisals

Certification standard based on ISO 9001:2015

Testing

SCAMPI appraisals (A/B/C) by certified appraisers

Certification audits (Stage 1/2), surveillance audits

Penalties

Loss of maturity rating, no legal penalties

Certification revocation, market exclusion, no fines