U.S. Dept. of Energy Seeks Comment on Updated Cybersecurity Capability Maturity Model

Dec 1, 2021

Reading Time : 1 min

DOE first developed C2M2 in 2012 in partnership with the U.S. Department of Homeland Security and in collaboration with industry, private-sector and public-sector experts.1 Version 1.1 came in 2014, with separate versions targeted for the electricity and oil and natural gas subsectors. Version 2.0 is “designed for use across the energy sector, and can be used by other critical infrastructure sectors as well.” It includes “input from the Energy Sector C2M2 Working Group, which comprises 145 energy sector cybersecurity practitioners representing 77 energy sector and cybersecurity organizations.” According to DOE, it “better addresses new technologies like cloud, mobile, and artificial intelligence,” as well as “evolving threats such as ransomware and supply chain risks.” Since July, DOE has been piloting Version 2.0 with energy companies and utilities and now seeks to “obtain the broadest possible input” to “inform the C2M2 Working Group as it develops future model updates.” In particular, DOE seeks input on:

  • “The usefulness of C2M2 practices in evaluating and improving cybersecurity program capabilities.”
  • “The applicability of practice language to the IT and OT environments in use by energy sector organizations.”
  • “The readability of and ability to understand practice language.”
  • “The completeness of cybersecurity domains, objectives, and practices [in] the C2M2.”
  • “The effectiveness of guidance documentation (e.g., model introduction sections, domain introductions, and appendices) in conveying model concepts, architecture, and how to use the model.”
  • “Any other potential improvements to the C2M2 documentation or practices contained therein.”

Interested entities can submit comments to C2M2@hq.doe.gov using the Comment Submission Form available here.


1 See https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2.

Share This Insight

Previous Entries

Speaking Energy

July 7, 2026

On June 29, 2026, the Supreme Court granted a petition for certiorari in Leonard Hoffmann v. WBI Energy Transmission, Inc. (Hoffmann), which presents the question whether section 7 of the Natural Gas Act (NGA) requires pipeline companies using federal eminent domain authority to pay landowners’ attorney’s fees in states where landowners can recover those fees under state law. In the decision giving rise to the Supreme Court’s review, the U.S. Court of Appeals for the Eighth Circuit held that a group of ranchers were not entitled to recover their $383,300 in attorney’s fees incurred while negotiating their compensation—creating a circuit split with four other courts of appeals. Hoffmann will be heard during the Court’s October 2026 Term, and marks the second time in five years that the Court has agreed to interpret NGA section 7.

...

Read More

Speaking Energy

July 6, 2026

On June 29, 2026, the United States Supreme Court issued Trump v. Slaughter, fundamentally reshaping presidential removal authority over independent regulatory agencies. The decision overruled a 90-year-old precedent established in Humphrey’s Executor v. United States, which had upheld the constitutionality of commissioner removal protections in the Federal Trade Commission Act (FTC Act). As written, the FTC Act permits a commissioner’s removal “only for inefficiency, neglect of duty, or malfeasance in office.” In Slaughter, the Court was asked to reevaluate this standard following the President’s removal of a Democratic-appointed FTC commissioner from office in 2025 without cause. Finding for the President, the Court held that removal was permissible because the FTC Act’s for-cause removal protections for commissioners violate the separation of powers, specifically, the President’s removal power under Article II. The Court explained that the FTC exercises executive power because it promulgates binding rules, investigates and enforces those rules through administrative adjudications, and brings civil enforcement actions in federal court. It found that because it exercises these executive powers, its commissioners “must therefore be controlled by the Chief Executive, in whom such power is vested.” While previous recent cases addressing the scope of the Removal Power, Seila Law LLC v. Consumer Financial Protection Bureau and Collins v. Yellen purported to preserve some kernel of Humphrey’s, the Court made clear that “[i]f anything more is left of Humphrey’s, we overrule it.”

...

Read More

Speaking Energy

June 25, 2026

On June 18, 2026, the Federal Energy Regulatory Commission (FERC or the Commission) issued an order to the California Independent System Operator Corporation (CAISO) directing CAISO and CAISO transmission owners to show cause as to why CAISO’s tariff should not be found to be unjust and unreasonable (California Indep. Sys. Operator Corp., 195 FERC ¶ 61,214 (2026) (the Order)) because it fails to sufficiently:

...

Read More

Speaking Energy

June 24, 2026

On June 18, 2026, the Federal Energy Regulatory Commission (FERC or the Commission) issued an order to New York Independent System Operator, Inc. (NYISO) directing NYISO and NYISO transmission owners to show cause as to why NYISO’s tariff should not be found to be unjust and unreasonable (New York Independent System Operator, Inc., 195 FERC ¶ 61,216 (2026) (Order)) because it fails to sufficiently:

...

Read More

© 2026 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.