Wednesday, August 14, 2019

DOE Calls for Comments on Cybersecurity Maturity Model

Today the DOE published a request for comments in the Federal Register (84 FR 40399-40400) on version 2.0 of its Cybersecurity Capability Maturity Model (C2M2). According to the notice, the “C2M2 Version 2.0 leverages and builds upon existing efforts, models, and cybersecurity best practices to advance the model by adjusting to new technologies, practices, and environmental factors.”

The development of version 2.0 includes:

Establishing a Cybersecurity Architecture domain
Separating the maturity indicator levels (MILs) from the Information Sharing and Communications domain to include sharing practices in the Threat and Vulnerability Management and Situational Awareness domains
Moving the Continuity of Operations MILs from the Incident and Event Response domain to the Cybersecurity Program Management domain to account for continuity activities beyond response events
Increasing the use of common language throughout the model

Public comments are being solicited, but there are no instructions within the document on how to submit comments. It does not look like the Federal eRulemaking Portal could be used since there is no docket number provided in the notice. An email address has been provided for Timothy Kocher, who is the DOE officer who signed the notice, but it would be unusual for public comments to be sent directly to him. I have an email en route to Kocher and will update this post as more information becomes available.
