Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), Version 1.0 [open pdf - 2MB]
"This document describes the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2). The goal of this model is to support ongoing development and measurement of cybersecurity capabilities within the electricity subsector through the following four objectives:  Strengthen cybersecurity capabilities in the electricity subsector.  Enable utilities to effectively and consistently evaluate and benchmark cybersecurity capabilities.  Share knowledge, best practices, and relevant references within the subsector as a means to improve cybersecurity capabilities.  Enable utilities to prioritize actions and investments to improve cybersecurity. The model was developed to apply to all electric utilities, regardless of ownership structure, size, or function. Broad use of the model is expected to support benchmarking for the subsector's cybersecurity capabilities.Section 2 of this document presents background information on the model and its development. Section 3 gives an overview of the U.S. electricity subsector. Section 4 contains the model itself. It begins by describing the model's development and architecture, and then it presents the model's objectives and practices, organized into 10 domains. Section 5 recommends an approach for using the model. Appendix A lists the references used for the glossary definitions, the domains, and the document in general. Appendix B gives an annotated bibliography that describes the key resources for each domain of the model. Appendix C is a glossary that defines many of the terms used in this document. Appendix D defines the acronyms used in this document. Appendix E describes related initiatives."
Lessons Learned Information Sharing: http://www.llis.dhs.gov/