Contact Us

Send us a Message

4 + 12 =

Or Contact

Frequently Asked Questions

Why would I use the Cybersecurity Scorecard if I am outsourcing IT?


You’re not the only one to outsource IT–it’s a common way to allocate resources to IT without adding a full-time employee, especially in municipal environments. However, you still want to assign someone internal to your utility to oversee the third-party provider.

The Cybersecurity Scorecard is a great way to check how well your external IT team is performing with regards to your cybersecurity needs. Contact [email protected] to link your registration with your third-party. Then you can evaluate and set goals together.

How does the Scorecard relate to industry standards?


The Scorecard is based on the US Department of Energy’s Cybersecurity Capability Maturity Model (C2M2), which uses industry best practices to self-evaluate individual utilities’ security programs. After you complete your personalized Scorecard, you can view tailored recommendations and determine whether your organization is ready to complete the full C2M2 evaluation (recommended for those who score 240 or higher on the Scorecard).

Is there any way to see how other utilities of my size are scoring and what they are doing to address cybersecurity?


The Scorecard benchmarks your score against the industry as a whole. We encourage users to join the Cybersecurity Scorecard Users Group, open only to Public Power members at to network with other members, share resources, and ask questions.

Are there resources for training that would walk me through the process of completing the Cybersecurity Scorecard?


While the Scorecard is designed to be completed on your own in one 45-minute session, many users have found it helpful to attend a training session or webinar that goes over the Scorecard, C2M2, and topics covered in both. You can also access slides and recordings from previous trainings through “More Info” in the Cybersecurity Scorecard Users Group