Christopher, J. (2018, November 1). Council post: The cybersecurity maturity model: A means to measure and improve your cybersecurity program. Forbes. This resource is important because it shares what a cybersecurity maturity model is, why organizations should have one, and how to choose the best model base on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and the Cybersecurity Capability Maturity Model (C2M2), which both provide a comprehensive approach that covers everything in cybersecurity.
Department of Energy (2019, June). Cybersecurity -capability maturity model (C2M2) program version 2.0. This resource showcases C2M2 model, which focuses on the implementation and management of cybersecurity practices associated with the operation and use of information technology and operational technology assets within any organization. This model can be used by any organization to enhance its own cybersecurity capabilities. Focus on reading pages 4-8 and 17-23.
Carvalho, J. V., Rocha, A., & Abreu, A. (2016). Maturity models of healthcare information systems and technologies: A literature review. Journal of Medical Systems, 6, 1. This resource identifies and compares the maturity models for management
of information systems and technologies (IST).
Jones, R. M., & Mikhaeel, M. (2020). Cybersecurity: How to successfully navigate CMMC and the DFARS. Procurement Lawyer, 55(3), 1–41. This resource brings together cybersecurity complex and costly requirements and provides practical guidance on how to navigate the Defense Federal Acquisition Regulation Supplement (DFARS) contract clauses and Cybersecurity Maturity Model Certification (CMMC) Version 1.0 requirements.
Stokes, A., & Childress, M. (2020, April 8). CMMC explained: What defense contractors need to know. CSO. This resource highlights what U.S. Department of Defense contractors need to know to meet cybersecurity maturity model certification requirements to bid on contracts.