Security Posture using the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (co-author)

This report provides guidance for performing a capability maturity model assessment using the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2). Currently, the ES-C2M2 is intended for application at the organization level. This document includes application guidance that may be used by utilities to apply the ES-C2M2 to systems. This technical update addresses all ten domains in the ES-C2M2, and allocates the National Institute of Standards and Technology Interagency Report (NISTIR) 7628 security requirements to objectives and maturity indicator levels (MILs) within each of the ten domains. The results of the system assessment may be used to determine the security posture of utility systems.