Citation
DOE Office of Electricity Delivery and Energy Reliability, Energy Sector Cybersecurity Framework Implementation Guidance (Draft) (Sept. 12, 2014) (full-text).
Overview
Energy companies need not make a choice between the NIST Cybersecurity Framework and the DOE's Cybersecurity Capability Maturity Model. The NIST framework tells organizations to grade themselves on a four-tier scale based on their overall cybersecurity program sophistication. C2M2 tells users to assess cybersecurity control implementation across 10 "domains" of cybersecurity practices, such as "situational awareness," according to their specific "maturity indicator level."