In 2013, CERT developed and piloted a two-tiered assessment of an organization’s group of incident management teams using recently updated versions of two types of assessment instruments. At the higher level, we used the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC) to do a quick, self-directed assessment of all the local organizational CSIRTs across the enterprise. The results were collected and analyzed by CERT. This quick questionnaire used 16 high-level drivers to explore key aspects of the team’s abilities to detect, analyze and respond to incidents. Two of the teams were also selected for in-depth assessments using the Incident Management Capabilities (IMC), a set of 73 detailed capabilities that provide an in-depth look at a team’s ability detect and respond to incidents as well as protect, prepare, and sustain an incident management function. The MRD-IMC provided insight into patterns, common strengths and weaknesses, and the general status of all of the teams. The in-depth IMC assessment showed in detail where improvements needed to be made to two of the teams and what weaknesses were also in common with the rest of the teams. This presentation will provide an overview of these two evaluation instruments and discussed how they can be used in conjunction to first identify strengths and gaps at a high-level and then perform a more detailed assessment to identify improvement areas to address the gaps.