ES-C2M2 | Overview | Information Security Policies are Critical for Compliance | Electric Subsector Cybersecurity Capability Maturity Model

34. What is the Electric Subsector Cybersecurity Capability Maturity Model (ES-C2M2) and why are information security policies and procedures so important, and do you offer comprehensive I.T. security documentation?

ES-C2M2, officially known as the Electric Subsector Cybersecurity Capability Maturity Model, is a comprehensive framework (developed in conjunction with the White House, DHS, and other industry organizations) that aims to support ongoing development and measurement of cyber security capabilities within the electricity subsector through the following four (4) main objectives:

  • Strengthening cyber security capabilities.
  • Enabling utilities to effectively and consistently evaluate and also benchmark applicable cyber security capabilities and initiatives.
  • Sharing of knowledge and best practices within the community as a whole.
  • Enabling utilities to prioritize, invest, and undertake other necessary procedures for improving cyber security.

Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet, containing over 2,850+ pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.

Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.

ES-C2M2 | Ten (10) Domains | Four (4) Maturity Indicator Levels (MILs)
The ES-C2M2 model is organized into ten (10) domains and four (4) maturity indicator levels (MILs), with each domain being a logical grouping of cyber security practices. The ten (10) domains are the following:

  • Risk Management (RISK)
  • Asset, Change, and Configuration Management (ASSET)
  • Identity and Access Management (ACCESS)
  • Threat and Vulnerability Management (THREAT)
  • Situational Awareness (SITUATION)
  • Information Sharing and Communications (SHARING)
  • Event and Incident Response, Continuity of Operations (RESPONSE)
  • Supply Chain and External Dependencies Management (DEPENDENCIES)
  • Workforce Management (WORKFORCE)
  • Cyber security Program Management (CYBER)

ES-C2M2 | Information Security Policies and Procedures are Critical for Compliance
What’s interesting to note about the ten (10) ES-C2M2 domains is the need for comprehensive operational and information security policies and procedures. Risk assessment, change management, incident response measures – the list goes on and on – these and other areas within the ES-C2M2 framework are heavily dependent upon documented policies and procedures for helping ensure compliance. While there are no doubt numerous technical requirements that must also be met for ES-C2M2, developing well-written and in-depth policy and procedural material can be an extremely challenging and time-consuming process. What’s needed are the Global Information Security Compliance Packet (GISCP) set of operational, business specific, and information security documents from Flat Iron Technologies, LLC, a global leader in offering professionally developed, high-quality security documentation.

With literally hundreds of templates to choose from, the GISCP set of documents can help facilitate compliance regarding ES-C2M2.

As for version 1.0 of the ES-C2M2 publication, dated 31 May, 2012, it’s available for download from

GISCP - PREMIER Edition ($1,479.00)
