# Cybersecurity Capability Maturity Model (C2M2) The Cybersecurity Capability Maturity Model (C2M2) provides the foundation for creating operational resilience within an organization. The C2M2 assists in the assessment of maturity for [[cybersecurity]] management and implementation across an organization. It guides organizations in developing consistent programs that can be benchmarked for improvement analysis. ## Capability Scope | **C2M2 Domain** | **Capability Scope** | | ---------------------------------------------------------------- | ----------------------------------------------------------- | | Asset, Change, and Configuration Management (ASSET) | [[Asset Management]] | | Threat and Vulnerability Management (THREAT) | [[Control Verification]] | | Risk Management (RISK) | [[Compliance]]<br>[[Control Development]] | | Identity and Access Management (ACCESS) | [[Identity and Access Management]]<br>[[Threat Mitigation]] | | Situational Awareness (SITUATION) | [[Adversary Research]] | | Event and Incident Response, Continuity of Operations (RESPONSE) | [[Incident Containment]] | | Third Party Risk Management (THIRD-PARTIES) | [[Third Party Management]]<br>[[Threat Mitigation]] | | Workforce Management (WORKFORCE) | Human Resources | | Cybersecurity Architecture (ARCHITECTURE) | [[Control Development]] | | Cybersecurity Program Management (PROGRAM) | [[Control Development]] | ## Inspiration & Resources + [C2M2 Version 2.1 June 2022 (energy.gov)](https://www.energy.gov/sites/default/files/2022-06/C2M2%20Version%202.1%20June%202022.pdf) ## Release Notes + [[WIP - Q3 2024 Release#Map Cybersecurity Capability Maturity Model (C2M2) to Cybersecurity Capabilities]] ## [Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.