Today the DOE published a request for comments in the
Federal Register (84
FR 40399-40400) on version 2.0 of its Cybersecurity
Capability Maturity Model (C2M2). According to the notice, the “C2M2 Version
2.0 leverages and builds upon existing efforts, models, and cybersecurity best
practices to advance the model by adjusting to new technologies, practices, and
environmental factors.”
The development of version 2.0 includes:
• Establishing a Cybersecurity Architecture domain
• Separating the maturity indicator levels (MILs)
from the Information Sharing and Communications domain to include sharing
practices in the Threat and Vulnerability Management and Situational Awareness
domains
• Moving Continuity of Operations MILs from the
Incident and Event Response to the Cybersecurity Program Management domain to
account for continuity activities beyond response events
• Increasing the use of common language throughout
the model.
Public comments are being solicited, but there are no
instructions within the document on how to submit comments. It does not look
like the Federal eRulemaking Portal could be used since there is no docket
number provided in the notice. An email
address has been provided for Timothy Kocher, who is the DOE officer who
signed the notice, but it would be unusual for public comments to be sent
directly to him. I have an email en route to Kocher and will update this post
as more information becomes available.