Cybersecurity Capability Maturity Model (C2M2)

Protect your SCADA, Information Technology (IT) and Operational Technology(OT) assets with a proven standard and methodology.


A security framework to protect your IT and OT assets

Our team can share knowledge and expertise to assess your current security posture against C2M2 requirements. We will help you develop a roadmap to achieve C2M2 compliance, and help you implement security controls to improve your security and compliance posture.

Benefits of C2M2

Enhance Security Posture

Measure cybersecurity capabilities by integrating Core IT Security Processes and functions. Continuously identify the gaps to improve security.

Mitigate Risks

Identify risks - Internal and external; mitigate risks effectively by optimising the use of resources. Extend risk management to third parties and vendors.

Build Trust

Increase trust in business relationships both with customers and stakeholders.

How do Rabbon address the challenges?

Perform a C2M2 gap assessment to identify the gaps in your security program. Our experienced consultants will measure the effectiveness of your security controls. The result will be formulated in a report with your security maturity as described in C2M2. We are here to share our knowledge, best practices, and relevant references with you to help you build a sustainable and cyber-resilient operational environment.

OT/IT Security Governance

Establish a sound and defensible security governance culture

Critical Asset Assessment

Leverage from our Critical Asset Assessment service and tool to identify critical assets.

Incident Response

Our experts will help you build incident response playbooks to ensure smooth recovery from cyber security incidents.

Resource Optimisation

Make informed decisions to implement and prioritise cyber security controls. The process of C2M2 compliance will help you invest wisely in security controls.


Use a single cyber security program to comply with AESCSF and C2M2.


Contact us for C2M2 assessment and planning your cybersecurity program.