The Department of Energy is updating their cybersecurity toolkit to reflect changes in the threat environment. The new Cybersecurity Capability Maturity Model will include references to discovered vulnerabilities and new mitigation technologies. Karen Evans, Assistant Secretary for CESER, says that the update was very needed.
“This maturity model has been out for a while. It predates the NIST cybersecurity framework. One of the biggest things was making sure that our framework aligns to the NIST framework so the taxonomy in how we talk about things and definitiions, they can be commonplace across the board,” Evans said. “When somebody says I have a best practice, regardless of what industry you are in, you’ll be able to apply that best practice.”