The Cybersecurity Capability Maturity Model (C2M2) is a free tool to help organizations evaluate their cybersecurity capabilities and optimize security investments.

A free, user-friendly C2M2 Self-Evaluation Tool is available on both an HTML and a PDF platform. The two versions of the tool both offer interactive features and help text, allow users to …

Designed for any organization regardless of ownership, structure, size, or industry It uses a set of industry-vetted cybersecurity practices focused on both information technology (IT) and …

The Cybersecurity Capability Maturity Model (C2M2) is a framework developed to help organizations improve cybersecurity practices by providing a structured approach to assessing …

Mar 9, 2023 · The NIST National Cybersecurity Center of Excellence (NCCoE) and the U.S. Department of Energy (DOE) Office of Cybersecurity, Energy Security, and Emergency …

Oct 20, 2025 · The C2M2 framework gives organizations a clear structure for understanding where they are in their cybersecurity journey and how to mature over time. It emphasizes risk …

C2M2 Model Practices (Excel file) Provides C2M2 practices and help text in a spreadsheet format.

Dec 16, 2020 · As a maturity model, C2M2 includes practices that range from foundational ones that are considered basic cybersecurity activities to those that are more advanced in terms of …

This Cybersecurity Capability Maturity Model (C2M2) was developed through a collaborative effort between public- and private-sector organizations, sponsored by the United States Department …

Get an overview of the C2M2, including its purpose, governing body, latest update, controls and requirements, and prescribed audit type and frequency.