Request for Comment on the DOE Cybersecurity Capability Maturity Model Version 2.0
Through this notice, the Department of Energy (DOE) seeks comments and information from the public on enhancements to the Cybersecurity Capability Maturity Model (C2M2) Version 2.0. C2M2 Version 2.0 incorporates enhancements to align model domains and functional questions with internationally-recognized cyber standards and best practices, including the NIST Cybersecurity Framework Version 1.1 released in April 2018. Since C2M2's last update, new cybersecurity standards have been developed and existing standards have improved. Both technology and threat actors have become more sophisticated, creating new attack vectors and introducing new risks. DOE intends to address these challenges in version 2.0 of C2M2.