Cybersecurity Capability Maturity Model (C2M2)

The C2M2 model, which is designed to be used by any organization to enhance its own cybersecurity capabilities, is publicly available and can be downloaded now. More information is available in the FAQs. For those organizations performing self-assessments, please refer to the C2M2 Facilitators Guide and request a free C2M2 toolkit.

The Electricity Subsector C2M2 (ES-C2M2) and Oil and Natural Gas Subsector C2M2 (ONG-C2M2) models are energy sector-specific versions that include the core C2M2 as well as additional reference material and implementation guidance specifically tailored for the electricity and oil and natural gas segments of the energy sector.

The Energy Department continues to work with public and private partners to support adoption of the C2M2. If your organization has questions about the C2M2 model or toolkit, please contact the C2M2 team at C2M2@hq.doe.gov.

Related Publications


CEDS Fact Sheets
CEDS 2016 Peer Review
CEDS 2014 Peer Review
CEDS 2012 Peer Review
CEDS 2010 Peer Review
Cybersecurity Procurement Language for Energy Delivery Systems (April 2014)
Electricity Subsector Cybersecurity Risk Management Process (RMP) Guideline
Roadmap to Achieve Energy Delivery Systems Cybersecurity
The Vulnerability Analysis of Energy Delivery Control Systems Report
Guidelines for Smart Grid Cyber Security (3.4 MB PDF)
A Guide to Developing a Cyber Security and Risk Mitigation Plan

Related Links

Executive Order (EO) 13636 “Improving Critical Infrastructure Cybersecurity”
NIST Framework
Use of the NIST Cybersecurity Framework & DOE C2M2
Cybersecurity Capability Maturity Model (C2M2) Program
C2M2
ES-C2M2
Podcast - ES-C2M2
ONG-C2M2
C2M2 Facilitator Guide
DHS Critical Infrastructure Cyber Community C³ Voluntary Program
Energy Sector Cybersecurity Framework Implementation Guidance (January 2015)