CybersecurityFramework

C2M2

Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

Overview

The C2M2 was initiated by the U.S. Department of Energy in collaboration with energy and cybersecurity industry stakeholders to address cybersecurity risks in critical infrastructure, including the energy sector. The model offers a maturity-based approach, with practices organized into domains, objectives, and maturity indicator levels (MILs). Initially targeted at the energy sector, it has been adopted across industries worldwide. Version 2.1, released in June 2022, features improvements in technology alignment, threat relevance, and usability. Supplemental tools, such as self-evaluation platforms and mapping guides, enhance user accessibility and simplify adoption. The model is designed to measure and improve cybersecurity over time, aiding organizations in prioritizing security investments and achieving targeted maturity levels.

Related in Cybersecurity

CybersecurityStandard

NIPG - National Identity Proofing Guidelines 2025

The National Identity Proofing Guidelines 2025 provide voluntary, risk-based best-practice guidance for verifying an individual's identity, aligned with Digital ID Accreditation Rules to promote consistency across physical and digital identity verification processes. The guidelines support organizations in strengthening identity-proofing practices, increasing trust through a standardized and transparent approach, and enabling more identity verification activities to be conducted online. By leveraging national identity verification services, organizations can reduce the need to store identity document copies, resulting in lower costs, improved privacy, reduced data breach risks, and stronger protection against identity fraud.

Australian Government • Australia

CybersecurityRegulation

Safe & Trusted Internet - Guidelines on Information Security Practices for Government Entities

The Safe & Trusted Internet Guidelines on Information Security Practices for Government Entities, issued by the Indian Computer Emergency Response Team (CERT-In), establish baseline cyber security controls and best practices to help government entities protect ICT infrastructure, systems, networks, and data against evolving cyber threats and strengthen India’s digital security posture.

Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India • India

CybersecurityGuideline

PDSP - Protective Data Security Plan (PDSP), Single organisation PDSP form, Version 3.7

Victorian public sector bodies are required to report on their information security practices to the Office of the Victorian Information Commissioner (OVIC). This includes submitting Protective Data Security Plans (PDSPs), annual attestations, and notifying OVIC of security incidents as outlined under the Victorian Protective Data Security Framework and Standards (VPDSF, VPDSS).

Office of the Victorian Information Commissioner (OVIC) • Victoria, Australia • v3.7

CybersecurityGuideline

CISA ZTMM V2 - CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

US Department of Homeland Security (DHS) • United States • v2

