Cybersecurity Capability Maturity Model (C2M2) was developed for the US Energy sector, sponsored by the United States Department of Energy (DOE).

It looks equally at both information technology (IT) and operations technology (OT).

Documentation, tools, practices and self-evaluation tools can be found through [energy.gov](https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2) and on [doe.gov](https://c2m2.doe.gov).


![](C2M2%20Version%202.1%20June%202022.pdf)

Related:
- [Operational Technology](../../Sparks/Operational%20Technology.md)
- [IEC 62443 Cybersecurity for operational technology in automation and control systems](IEC%2062443%20Cybersecurity%20for%20operational%20technology%20in%20automation%20and%20control%20systems.md)