C2M2 V2.0 is Here

The Cybersecurity Capability Maturity Model (C2M2) Version 2.0 (V2.0) was released today, the 21st of July 2021. The update addresses emerging technologies and the evolving cyber threat landscape. The update was guided by the Energy Sector C2M2 Working Group, which comprises 145 energy sector cybersecurity practitioners representing 77 organizations. The group was formed as a collaborative effort through the Electricity Subsector Coordinating Council and the Oil and Natural Gas Subsector Coordinating Council.

As part of this update, DOE and the Working Group also partnered with the National Institute of Standards and Technology (NIST) to ensure C2M2 V2.0 aligns with NIST’s Cybersecurity Framework (CSF).

The C2M2 V2.0 update includes the following improvements:

  • Establishment of a Cybersecurity Architecture domain
  • Enhancements to cybersecurity practices across the model
  • Significant changes to the Risk Management and Third-Party Risk Management domains
  • Integration of information sharing activities into the Threat and Vulnerability Management and Situational Awareness domains
  • Addition of a physical access objective to the Identity and Access Management domain
  • Streamlining of cybersecurity management practices
  • Increased usage of common language throughout the model

All these new changes are available in the Axio360 platform.

This is an abstract from the full announcement. For more information, please visit.


*** This is a Security Bloggers Network syndicated blog from Axio authored by Axio. Read the original post at: