E BOOK

Aligning to the Cybersecurity

Capability Maturity Model
(C2M2)
Implementation Guide

READ NOW

1 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Aligning to the Cybersecurity Capability
Maturity Model (C2M2)
The Cybersecurity Capability Maturity Model (C2M2) is a U.S. Department of Energy (DOE)
program that enables organizations to voluntarily measure the maturity of their cybersecurity
capabilities in a consistent manner. The C2M2 is closely aligned with many other industry
standards for OT security, like the NIST Cybersecurity Framework. As such, it serves as a broadly
relevant example of a top-notch OT security model that is worth looking at regardless of your
location or industry. Let’s dive into how Industrial Defender helps you align with every domain in
this model.

Risk Management [RISK] Event and Incident Response,

Continuity of Operations [RESPONSE]

Asset, Change, and Configuration Workforce Management

Management [ASSET] [WORKFORCE]

Identity and Access C2M2 Third-Party Risk Management

Management [ACCESS]
Domains (THIRD-PARTIES)

Threat and Vulnerability Cybersecurity Architecture

Management [THREAT] (ARCHITECTURE)

Cybersecurity Program Management

Situational Awareness [SITUATION] [PROGRAM]

2 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Risk Management [RISK]
Purpose

Establish, operate, and maintain an enterprise cybersecurity risk management

program to identify, analyze, and mitigate cybersecurity risk to the organization,
including its business units, subsidiaries, related interconnected infrastructure, and
stakeholders.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

A sound risk management program relies on actionable and

Establish and meaningful information. Industrial Defender delivers detailed
Maintain Cyber Risk
data about your OT environment, providing insight into potential
Management Strategy
vulnerabilities and anomalies to enable a centralized risk
and Program
management process. It also quantifies risk with a single metric
Identify Cyber Risk generated using a transparent scoring methodology that factors in
the unique context behind each alert. This allows security teams to
quickly weed out false positives, understand which threats pose the
Analyze Cyber Risk greatest risk, and prioritize triage and mitigation efforts accordingly.

Respond to Cyber
Risk

Management
Activities

3 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Asset, Change, and Configuration Management [ASSET]
Purpose

Manage the organization’s IT and OT assets, including both hardware and software,
commensurate with the risk to critical infrastructure and organizational objectives.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

Industrial Defender automatically discovers all assets connected

Manage IT and OT to your network and continuously compares the current state
Asset Inventory
of a system to a desired baseline to monitor for exceptions. The
administrator defines the set of ports, services, and applications
that are intended to be used on a system, and then monitors
Manage Information
Asset Inventory for deviations from this pre-defined configuration and alerts
immediately if an exception occurs.

You can also apply policy standards for configuration in an

Manage Asset
Configuration application and assess against those standards on an ongoing
basis. Inevitably, a system’s state will not align with its secure
configuration policy at some point. Occasionally, this misalignment
Manage Changes can be introduced by updates to the configuration policy itself, but
to Assets more often it can be due to changes that occur to the actual state
of a system. Industrial Defender detects differences between actual
system settings and the secure configuration policy.
Management
Activities

4 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Identity and Access Management [ACCESS]
Purpose

Create and manage identities for entities that may be granted logical or physical
access to the organization’s assets. Control access to the organization’s assets,
commensurate with the risk to critical infrastructure and organizational objectives.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

Industrial Defender collects all users in a system, including third-

Establish and party vendors and provides details about each user within an OT
Maintain Identities
network, such as whether their connection is local or created via an
Active Directory, when their account was created, and when they
were last logged in. Our building cybersecurity solution, Building
Control Logical
Access Defender, can monitor physical access control systems to detect
potential compromises that could allow unauthorized physical
access.
Control Physical
Access

Management
Activities

5 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Threat and Vulnerability Management [THREAT]
Purpose

Establish and maintain plans, procedures, and technologies to detect, identify,

analyze, manage, and respond to cybersecurity threats and vulnerabilities,
commensurate with the risk to the organization’s infrastructure (e.g., critical, IT,
operational) and organizational objectives.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

With Industrial Defender, security teams have access to a vast,

Reduce Cybersecurity ever-expanding wealth of OT-specific threat information, including
Vulnerabilities
our extensive database of common vulnerabilities and exposures
(CVEs). To help sort and prioritize threats, Industrial Defender’s
Asset Risk Scoring ranks the criticality of alerts based on granular
Respond to Threats
and Share Threat data and specific circumstances to give teams contextual data. This
Information feature allows you to rate risks according to your organization’s risk
categorization and assign a remediation timeline to each.

Management Armed with this intelligence, teams can quickly review and classify
Activities all vulnerabilities and associated threats to expedite threat detection
and response efforts, as well as establish a patch management
process and Computer Emergency Response Team.

6 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Situational Awareness [SITUATION]
Purpose

Establish and maintain activities and technologies to collect, monitor, analyze, alarm,
report, and use operational, security, and threat information, including status and
summary information from the other model domains, to establish situational awareness
for both the organization’s operational state and cybersecurity state.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

Proactive OT security monitoring is fundamental to building situational

Perform Logging awareness. With centralized event monitoring, collection and correlation,
Industrial Defender acts as a single window into threats in your ICS environment
with its holistic visibility of all monitored assets and consolidation of events from
computers, ICS endpoints, network traffic, and perimeter control devices.
Perform Monitoring
The robust toolset for configuring cybersecurity event rules allows you to
capture events from numerous sources including:

• Syslog feeds • Registry changes

Establish and • Application logs • Simple Network Management
Maintain Situational • Anti-virus/malware logs Protocol (SNMP) traps
Awareness • Asset configuration changes • Third-party vendor systems

Events are then classified into:

Management
Activities • Logical categories/metrics
• Types
• Priority levels

Industrial Defender also incorporates event stream processing, which analyzes a

series of events for deriving aggregation algorithms.

7 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Event and Incident Response, Continuity of Operations [RESPONSE]
Purpose

Establish and maintain plans, procedures, and technologies to detect, analyze,

mitigate, respond to and recover from cybersecurity events and to sustain
operations throughout a cybersecurity event, commensurate with the risk to
critical infrastructure and organizational objectives.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

Industrial Defender collects events at the lowest level of the

Detect Cybersecurity solution architecture, and the adaptable parsing rules, filters, and
Events
data processing rules limit the data collected to only information of
interest. Out-of-the-box, Industrial Defender comes with a set of
Analyze Cybersecurity events with associated priorities. Dashboards can be customized
Events and Declare with tiles and widgets to quickly visualize which events are most
Incidents
meaningful and may require action.

Respond to Methods for analyzing and responding to events include:

Cybersecurity Events
• Forwarding as alerts via email
• Reviewing via Dashboard Tiles & Widgets
Address Cybersecurity
in Continuity of • Reviewing via Search Screens
Operations • Reviewing as reports
• Forwarding events (syslog stream) to third-party systems
Management Activities
(SIEM, SOAR, etc.)

8 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Third-Party Risk Management [THIRD-PARTIES]
Purpose

Establish and maintain controls to manage the cyber risks arising from suppliers
and other third parties, commensurate with the risk to critical infrastructure and
organizational objectives.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

Industrial Defender accounts for all users in a system, including

Identify and Prioritize third-party vendors. Industrial Defender provides details about each
Third Parties
user within an OT network, such as whether their connection is local
or created via an Active Directory, when their account was created,
and when they were last logged in.
Manage Third-
Party Risk

Management
Activities

9 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Workforce Management [WORKFORCE]
Purpose

Establish and maintain plans, procedures, technologies, and controls to create a

culture of cybersecurity and to ensure the ongoing suitability and competence of
personnel, commensurate with the risk to critical infrastructure and organizational
objectives.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

Industrial Defender standardizes cybersecurity management

Assign Cybersecurity processes and workflows. The framework of our solution is
Responsibilities
built around assets, with groupings and assignments tied to the
individuals who manage these assets. The user dashboards, interface
Develop Cybersecurity and reports are also centered around the asset groupings and their
Workforce
responsible parties.

Implement Workforce
Controls

Increase Cybersecurity
Awareness

Management
Activities

10 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Cybersecurity Architecture [ARCHITECTURE]
Purpose

Establish and maintain the structure and behavior of the organization’s

cybersecurity architecture, including controls, processes, technologies and
other elements, commensurate with the risk to critical infrastructure and
organizational objectives.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

Establish and Maintain Data collected and maintained by Industrial Defender keeps your cyber
Cybersecurity Architecture architecture strategy informed. You can measure and manage network device
Strategy and Program configuration and communication between assets, monitor firewall and network
device changes, and be aware if network protections are compromised/bypassed
Implement Network Protections
with built-in IDS capabilities.
as an Element of the
Cybersecurity Architecture Industrial Defender also provides endpoint security through configuration
Implement IT and OT Asset management, vulnerability and patch management, and security event monitoring.
Security as an Element of the Flexible integrations enable sharing of this OT data with other parts of an
Cybersecurity Architecture organization’s enterprise security architecture.

Implement Software Security Realtime software inventory, patch and vulnerability management help teams
as an Element of the incorporate software security into their architecture.
Cybersecurity Architecture
Industrial Defender monitors data security tools and has policies that check for
Implement Data Security as an data security (e.g. 2FA, encryption, VPN).
Element of the Cybersecurity
Architecture The solution provides reporting and documentation to support any operations
management, maintenance activity needs, and audit/assessment functions.
Management Activities

11 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 Cybersecurity Program Management [PROGRAM]
Purpose

Establish and maintain an enterprise cybersecurity program that provides

governance, strategic planning, and sponsorship for the organization’s
cybersecurity activities in a manner that aligns cybersecurity objectives with the
organization’s strategic objectives and the risk to critical infrastructure.

OBJECTIVES HOW INDUSTRIAL DEFENDER HELPS

Industrial Defender has multiple features for establishing and

Establish Cybersecurity managing cybersecurity rules and organizational policies, such as
Program Strategy
alerting thresholds and reasons, remote access privileges down to
a user level, and virtual segmentation within your OT network. You
Sponsor Cybersecurity can reduce the risk of threats by detecting symptoms at the initial
Program stages and apply instant measures to mitigate them.

Management
Activities

12 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020

 So how do you make these controls work for you?
Industrial Defender helps teams align with every domain in this model, and
improves maturity in many other rigorous cybersecurity models. To see for
yourself how we can help you align with the Cybersecurity Capability Maturity
Model (C2M2), reach out to one of our OT security architects to schedule a demo.

THE INDUSTRIAL DEFENDER DIFFERENCE

Since 2006, Industrial Defender has been solving the challenge of safely collecting, monitoring,
and managing OT asset data at scale, while providing cross-functional teams with a unified view of
security. Their specialized solution is tailored to complex industrial control system environments
by engineers with decades of hands-on OT experience. Easy integrations into the broader security
and enterprise ecosystem empower IT teams with the same visibility, access, and situational
awareness that they’re accustomed to on corporate networks. They secure some of the largest
critical control system deployments with vendors such as GE, Honeywell, ABB, Siemens, Schneider
Electric, Yokogawa and others to protect the availability and safety of these systems, simplify
standards and regulatory requirements, and unite OT and IT teams.

Planning an OT Security Project?

SCHEDULE A DEMO

FOR MORE INFORMATION

1 (877) 943-3363 • (617) 675-4206 • info@industrialdefender.com
225 Foxborough Blvd, Foxborough, MA 02035
industrialdefender.com

© 2021 iDefender, LLC

13 | ALIGNING TO CYBERSECURITY CAPABILITY MATURITY MODEL GUIDE IndustrialDefender ©2020