Sunday, February 16, 2014

DOE's C2M2 is Growing Up Fast

There's been a ton of work accomplished since DOE handed the C2M2 flame to former FERCer Jason Christopher.  This program has now been leveraged at hundreds of enterprises and now gives you three flavors of Cybersecurity Capability Maturity Model (C2M2) to choose from now.

You can download any/all of the models right this minute if you are so inclined:


In addition, there are a number of new supporting resources for organizations at some stage of the C2M2 consideration or implementation process:

  • C2M2 FAQ - helps answer whether or not a C2M2 self-assessment is right for your organization (ab: sounds a little too much like a Cialis commercial to me)
  • C2M2 Facilitator Guide - provides step-by-step guidance for organizations that want to perform their own internal self-assessments (with or without a 3rd party)
  • C2M2 toolkit for all three models (electricity, oil & natural gas, and sector-neutral) based on MS Excel and Word, so it can be used by any organization. (Toolkits are provided by request only—email C2M2@doe.gov for more information.)

Lastly, this just-released bulletin tells you how DOE, NIST and DHS see the C2M2 and the Critical Infrastructure Security Framework (CSF) playing complementary roles.

So much good stuff.  Between all of the above and the Olympics, this should keep you off the streets and out of trouble until Spring finally shows up.

No comments: