Cybersecurity Capability Maturity Model for Information Technology Services (C2M2 for IT Services), Version 1.0

Abstract : Cyber threats are one of the most serious and challenging types of operational risk facing modern organizations. The national and eco-nomic security of the United States depends on the reliable functioning of the information technology services that serve the Nations critical infrastructure in the face of such threats. Beyond critical infrastructure, the economic vitality of the Nation depends on the sustained operation of the enterprise information technology (IT) services of organizations of all types. This report describes the Cybersecurity Capability Maturity Model for Information Technology Services (C2M2 for IT Services), which helps IT service delivery organizations of all sectors, types, and sizes evaluate make improvements to their cybersecurity programs.