The Cybersecurity Capability Maturity Model (C2M2) is a voluntary standard published by the U.S. Department of Energy (DOE) that helps organizations in the energy industry measure the maturity of their cybersecurity capabilities in a consistent manner. The C2M2 is comprised of 10 domains, which are all closely aligned with categories used by other industry cybersecurity standards, like the NIST Cybersecurity Framework. They include:

	Risk Management [RM]
	Asset, Change, and Configuration Management [ACM]
	Identity and Access Management [IAM]
	Threat and Vulnerability Management [TVM]
	Situational Awareness [SA]
	Information Sharing and Communications [ISC]
	Event and Incident Response, Continuity of Operations [IR]
	Supply Chain and External Dependencies Management [EDM]
	Workforce Management [WM]
	Cybersecurity Program Management [CPM]