United States Department of Energy
Overview: Repeated cyber intrusions into organizations of all types demonstrate the need for improved cybersecurity. Cyber threats continue to grow, and they represent one of the most serious operational risks facing modern organizations. National security and economic vitality depend on the reliable functioning of critical infrastructure and the sustained operation of organizations of all types in the face of such threats. The Cybersecurity Capability Maturity Model can help organizations of all sectors, types, and sizes to evaluate and make improvements to their cybersecurity programs and strengthen their operational resilience.
The C2M2 focuses on the implementation and management of cybersecurity practices associated with information, information technology (IT), and operations technology (OT) assets and the environments in which they operate. The model can be used to:
- strengthen organizations’ cybersecurity capabilities;
- enable organizations to effectively and consistently evaluate and benchmark cybersecurity capabilities;
- share knowledge, best practices, and relevant references across organizations as a means to improve cybersecurity capabilities;
- enable organizations to prioritize actions and investments to improve cybersecurity capabilities.