The question asks for a framework specifically created to measure cybersecurity maturity. The Cybersecurity Maturity Model Certification (CMMC) is the correct answer, and it is highly probable that "CHMC" is a typographical error for CMMC. The CMMC framework was developed by the United States Department of Defense (DoD) to enforce cybersecurity standards across the Defense Industrial Base (DIB). It is explicitly designed as a maturity model, assessing an organization's implementation of cybersecurity processes and practices across several defined levels, from basic to advanced, thereby measuring their cybersecurity maturity.

A. PCI-DSS: The Payment Card Industry Data Security Standard (PCI-DSS) is a prescriptive set of requirements for securing payment card data, not a framework for measuring organizational cybersecurity maturity levels.

B. GDPR: The General Data Protection Regulation (GDPR) is a legal framework from the European Union focused on data protection and privacy rights for individuals, not a cybersecurity maturity model.

D. FISMA: The Federal Information Security Management Act (FISMA) is a US law requiring federal agencies to implement specific information security programs. It is a compliance framework, not a tiered maturity model.

1. CMMC: U.S. Department of Defense

Office of the Under Secretary of Defense for Acquisition & Sustainment. "CMMC Model Overview." The documentation describes CMMC as a framework to measure the "cybersecurity maturity" of an organization through a series of levels. (Reference: CMMC 2.0 Model documentation available at dodcio.defense.gov/CMMC/).

2. PCI-DSS: PCI Security Standards Council. "PCI Data Security Standard (PCI DSS) v4.0." The official document outlines its purpose as providing "a baseline of technical and operational requirements designed to protect account data." It does not define maturity levels. (Reference: pcisecuritystandards.org

Official PCI DSS documentation

"Introduction" section).

3. GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council. "Article 1: Subject-matter and objectives." The regulation's stated objective is the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of such data.

4. FISMA: National Institute of Standards and Technology (NIST). "Federal Information Security Modernization Act (FISMA)." NIST documentation describes FISMA as a framework that requires federal agencies to implement security controls based on risk

focusing on compliance rather than a tiered maturity assessment. (Reference: NIST Special Publication 800-53

Rev. 5

"Security and Privacy Controls for Information Systems and Organizations

" Appendix G).