Use of the NIST Cybersecurity Framework & DOE C2M2

Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President, under Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity,” of February 2013, directed the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure.

The C2M2 is one of many potential tools for addressing Framework implementation. For energy sector organizations that use the C2M2 as a measurement and investment decision tool, the DOE, in partnership with NIST and the Department of Homeland Security (DHS), is working on guidance documents that will highlight the interoperability between the NIST Cybersecurity Framework and DOE’s C2M2 program.