A critical factor in developing the CCSMM was that cybersecurity is not a binary issue. A state or community does not either have security or it doesn’t. There are many levels of security preparedness and not every entity needs the same level of security preparedness – it should be based on the actual threats to the state, community, tribe, territory, or organization. This implies there are different levels of security that can be implemented so one of the first tasks in developing a program would be to understand the different levels, understand what is currently implemented, and know what the ultimate goal is. In other words, what security level is needed or desired by the community? The CCSMM was thus created to provide three things: