Book a demo form

Book a demo

E8 Brochure Campaign Traffic

Resource Download

Contact Us

Signup Form (Blog Page and Resources Page)

Services Signup (MSSP page popup)

MITRE Att@ck Download (SEIM Pages 2021)

Book a demo form

Landing page - free trial form

Book a demo

E8 Brochure Campaign Traffic

Landing page - E8 demo form

Download the SmartCheck Brochure

Request SmartCheck for Ransomware Demo

SmartCheck for Ransomware Demo

SmartCheck Demo LP

SmartCheck Demo LP 2

MITRE ATT@CK Webinar - Jun 2022

you must read and acknowledge our privacy policy

C2M2 Compliance

C2M2 Compliance

Achieve compliance to C2M2

The Cyber security Capability Maturity Model (C2M2) was established in 2012 to improve the North American electricity subsector cyber security capabilities, and to understand the cyber-security posture of the grid. Since then, the model has been promoted to help organisations – regardless of size, type, or industry – evaluate, prioritise and improve their cyber resilience.

 The C2M2 model focuses on the implementation and management of cyber security practices associated with the operation and use of information technology and operational technology assets and the environments in which they operate.  The goal is to support continuous improvement and measurement of an organisation’s cyber security capabilities by effectively and consistently evaluating and benchmarking performance.


How the C2M2 Model works

The C2M2 model includes ten groups of cybersecurity practices, known as ‘Domains’. An organisation’s capabilities within each of these ‘Domains’ is evaluated and mapped to one of the four defined ‘Maturity Indicator Levels’ (MILs) from which a plan of priorities is created and then implemented, as required.

 C2M2 Maturity Model Architecture

C2M2 Maturity Model


This easy to understand infographic give an overview of the C2M2 Model, download here

Infographic giving an overview of the C2M2 Maturity Model


Does the C2M2 model apply to your organisation?

The C2M2 model is not a legal imperative for any organisation.  However, it was established to improve the North American utilities sector cyber resilience, consequently it is very relevant to critical infrastructure organisations regardless of jurisdiction.


What other security controls models are available?

Australian Energy Sector Cyber Security Framework

The Australian Energy Sector Cyber Security Framework (AESCSF) is a cyber security capability maturity model that has been based on C2M2.  The Framework aligns with existing Australian Privacy Principles and ACSC Essential Eight Strategies to Mitigate Cyber Security Incidents.  Further information can be found here.


United Kingdom Security Controls Model

The UK government is going through the process of implementing the EU Network and Information Systems Directive (NIS Directive) which became law in 2016; Member States must identify operators of essential services.

The operators of essential services and digital service providers are required to keep their networks and information secure and to notify security incidents to “competent authorities” when they occur.  Further information can be found here.


How Huntsman Security can help you align with C2M2 

Huntsman Security’s technology supports compliance monitoring across the C2M2 model domains. Key areas of capability sit within the following domains:

Situational Awareness

  • Perform logging
  • Perform monitoring
  • Establish and maintain a common operating picture
  • Management activities

Event and Incident Response, Continuity of Operations

  • Detect cyber security events
  • Escalate cyber security events and declare incidents
  • Respond to incidents and escalated cyber security events
  • Plan for continuity
  • Management activities


Huntsman Security’s expertise in Critical Infrastructure

Huntsman Security’s cyber security solutions operate in the most mission-critical environments.  Our client base comprises critical infrastructure organisations and Government departments that include defence, intelligence and law enforcement. Our Security Analytics solution is recommended for large organisations in The Forrester Wave™ 2018 for Security Analytics platforms  

Find out more about C2M2 compliance 

Request More Info