Cybersecurity Maturity Model

The RE: Cyber Initiative recognizes that in order to meaningfully engage Boards and CEOs in effectively managing cybersecurity risks, CEOS and Boards must have the tools to assess the danger to their corporations and to implement a program to counter cybersecurity risks.  Going forward, RE: Cyber will be working on the creation of an online, generic maturity model based on the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2). 

The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (May 2012), which allows electric utilities and grid operators to assess their cybersecurity capabilities and prioritize their actions and investments to improve cybersecurity, combines elements from existing cybersecurity efforts into a common tool that can be used consistently across the industry. The Maturity Model was developed as part of a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS) and Carnegie Mellon, and involved close collaboration with industry, other Federal agencies, and other stakeholders.

Click here for an overview of the ES-C2M2.

Click here for the full text of ES-C2M2