Shortly before Thanksgiving, the Department of Energy issued a request for public comment on Version 2.0 of its Cybersecurity Capability Maturity Model (C2M2), which it released in July 2021 to help organizations of all sectors, types and sizes to “evaluate and improve their cybersecurity capabilities, considering their specific risk environment,” and to strengthen their operational resilience.
C2M2 – not to be confused with the DoD’s CMMC – “is a voluntary tool, tailored specifically for the energy industry, that enables companies to set targets, evaluate and benchmark their cybersecurity capabilities, and use the results to prioritize actions and investments.” It is “scalable for a company of any size” and “designed to evaluate practice in both the information technology (IT) and operational technology (OT) environments.” Comments on Version 2.0 and any additional information commenters wish to provide are due by Monday, December 27, 2021.
Source: