Cybersecurity Capability Maturity Model (C2M2)
C2M2 is a cybersecurity maturity model developed by the Department of Energy (DoE) in the U.S. to evaluate and improve cybersecurity of critical infrastructure organisations and their resilience covering both information technology (IT) as well as operations technology (OT). Even though C2M2 is mostly used by the energy sector, other critical infrastructure sectors such as Defence, Chemical, Healthcare, Transportation sectors also make use of this extensive evaluation.
C2M2 comprises of cybersecurity best practices which are divided into 10 main domains: Assets, Architecture, Cybersecurity program, Response, Access, Risk, Situations, Third parties, Threat, and Workforce. These practices are further organised into objectives (Target levels) which can be achieved by implementing, since this is a maturity model, maturity of each practice and domains is evaluated by maturity indicators from 1 to 3 which will give your organisation a better idea of where it is at right now.
Benefits of C2M2 Compliance:
- Enhanced cybersecurity posture regardless of which critical infrastructure sector your organisation is in with a holistic approach.
- Simplifies the decision-making process since it gives an organisation a snapshot of where it is currently and where it needs to be in terms of cybersecurity.
- Gradual implementation of best practices within domains with the use of maturity indicators and incremental improvements which can match your business objectives and budget.
- Higher market share and reputation compared with competitors without critical infrastructure cybersecurity or on a lower maturity level.
- End-to-end guidance from the initial assessment and maturity assessment till compliance.
- Comprehensive and achievable roadmaps in alignment with your business objectives.
- Expert consultation on similar maturity models for better reach internationally (e.g., AESCSF).
- Continuous support throughout with all internal assessments of articles and implementations
- Support with external audits of C2M2 and continual improvements.