Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >C2M2
  3. >Situational Awareness
  4. >Situational Awareness - Objective 3
  5. >C2M2-SITUATION-3D
C2M2-SITUATION-3DActive

Situational awareness reporting requirements have been defined and address timely dissemination of cybersecurity information to organization-defined stakeholders

Statement

Situational awareness reporting requirements have been defined and address timely dissemination of cybersecurity information to organization-defined stakeholders

Location

Domain
Situational Awareness
Objective
Situational Awareness - Objective 3

Practice Details

Identifier
C2M2-SITUATION-3D
Domain
Situational Awareness
Objective
Objective 3
Maturity Level
MIL-3

Help Text

Situational awareness reporting requirements should define the development, delivery, and maintenance of situational awareness communications needed for each type of stakeholder. For example, situational awareness communications to law enforcement will differ significantly from those to the board of directors. The plan should address near-term development and delivery and should be adjusted with some regularity in response to new or changing needs and from the assessment of the effectiveness of communications activities. These are examples of stakeholders for situational awareness reporting: · organizational leaders · cybersecurity program leadership and team members · individuals across the organization for whom a cybersecurity incident would have an impact · information sharing and analysis centers · government entities · law enforcement · connected organizations · vendors · sector organizations (such as trade associations) · regulators

These are examples of situational awareness reporting requirements: · the frequency and timing of communications · special controls over communications (e.g., encryption or secured communications) that are appropriate for some stakeholders · resources that will be required · internal and external resources that are involved in supporting the communications process · internal and external points of contact by role · communication methods and channels to be used · The assets, people, and systems (including external systems such as cellular networks) that may be unavailable during response and what backup resources may be needed

Related Practices · Information Sharing: This practice is part of a group of cross-domain practices that enable information sharing with organizational stakeholders. These include: THREAT-1i, THREAT-2h, THREAT-2k, RISK-1c1d, SITUATION-3a, SITUATION-3c, SITUATION-3d, SITUATION-3e, RESPONSE-2g, RESPONSE-3c, RESPONSE-3f.

AESCSF
AESCSF-SITUATION-3dequivalentvia derived-shared-practice-structure
View in graphReport an issue
← Back to Situational Awareness - Objective 3
Situational Awareness - Objective 37 controls
C2M2-SITUATION-3AMethods of communicating the current state of cybersecurity for the function are established and maintainedC2M2-SITUATION-3BMonitoring data are aggregated to provide an understanding of the operational state of the functionC2M2-SITUATION-3CRelevant information from across the organization is available to enhance situational awarenessC2M2-SITUATION-3DSituational awareness reporting requirements have been defined and address timely dissemination of cybersecurity information to organization-defined stakeholdersC2M2-SITUATION-3ERelevant information from outside the organization is collected and made available across the organization to enhance situational awarenessC2M2-SITUATION-3FA capability is established and maintained to aggregate, correlate, and analyze the outputs of cybersecurity monitoring activities and provide a near-real-time understanding of the cybersecurity state of the functionC2M2-SITUATION-3GPredefined states of operation are documented and can be implemented based on the cybersecurity state of the function or when triggered by activities in other domains