C2M2-Guide-Cover

Compliance Guide: Aligning to the Cybersecurity Capability Maturity Model (C2M2)

Guides

Compliance Guide: Aligning to the Cybersecurity Capability Maturity Model (C2M2)

Compliance Guide:
Aligning to the Cybersecurity Capability Maturity Model (C2M2)

Download Guide

C2M2-Guide-Cover

The Cybersecurity Capability Maturity Model (C2M2) is a voluntary standard published by the U.S. Department of Energy (DOE) that helps organizations in the energy industry measure the maturity of their cybersecurity capabilities in a consistent manner. The C2M2 is comprised of 10 domains, which are all closely aligned with categories used by other industry cybersecurity standards, like the NIST Cybersecurity Framework. They include:

  • Risk Management [RM]
  • Asset, Change, and Configuration Management [ACM]
  • Identity and Access Management [IAM]
  • Threat and Vulnerability Management [TVM]
  • Situational Awareness [SA]
  • Information Sharing and Communications [ISC]
  • Event and Incident Response, Continuity of Operations [IR]
  • Supply Chain and External Dependencies Management [EDM]
  • Workforce Management [WM]
  • Cybersecurity Program Management [CPM]

In this C2M2 compliance guide, we dive into the objectives for each domain in this model and how Industrial Defender’s Automation System Manager (ASM®) helps you align with them.