Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >C2M2
  3. >Situational Awareness
  4. >Situational Awareness - Objective 3
  5. >C2M2-SITUATION-3G
C2M2-SITUATION-3GActive

Predefined states of operation are documented and can be implemented based on the cybersecurity state of the function or when triggered by activities in other domains

Statement

Predefined states of operation are documented and can be implemented based on the cybersecurity state of the function or when triggered by activities in other domains

Location

Domain
Situational Awareness
Objective
Situational Awareness - Objective 3

Practice Details

Identifier
C2M2-SITUATION-3G
Domain
Situational Awareness
Objective
Objective 3
Maturity Level
MIL-3

Help Text

Predefined states of operation are distinct operating modes (which typically include specific IT and OT configurations as well as alternate or modified procedures) that have been designed and implemented for the function and can be invoked by a manual or automated process in response to an event, a changing risk environment, or other sensory and awareness data to provide greater safety, resilience, reliability, and/or cybersecurity. Defining predefined states of operation typically requires use of detailed architectures or topologies, documentation and detailed understanding of your assets and their priorities (ASSET-1c, ASSET-1d), categories (ASSET-2c, ASSET-2d), and attributes (ASSET-1e, ASSET-2e). The defined states might include criteria for invoking the state, such as who has the authority to trigger a state change in either direction, checklists that must be completed before moving from a degraded state to an operational state, how long the organization can survive in a particular state, or how the organization will conduct monitoring to determine when the criteria are met. Information from monitoring activities is used to trigger decisions about invoking the predefined states of operation. For example, if monitoring activities indicate an outage, this might trigger a manual process in which some analysis is done that determines that not all operations can be supported, specific decision makers must sign off on temporarily curtailing nonessential operation, and a predefined state is invoked in which certain assets are shut down. Other situations might make use of an automated process. For example, based on threat intelligence received through monitoring activities (SITUATION-3f), a ruleset triggers an upgrade of the threat level, which triggers invocation of a predefined state that shuts down critical assets. Another example of predefined states of operations could be limiting communications between IT and OT environments during a cybersecurity incident. As another example, high-risk situations may be identified that warrant additional logging, such as a safety-related emergency that requires an immediate elevation of access privileges, but they also may increase the verbosity of logging on affected devices.

Related Practices · Input From: Implementing RESPONSE-3l and THREAT-2J provides input that may be useful for implementing this practice.

AESCSF
AESCSF-SITUATION-3gequivalentvia derived-shared-practice-structure
View in graphReport an issue
← Back to Situational Awareness - Objective 3
Situational Awareness - Objective 37 controls
C2M2-SITUATION-3AMethods of communicating the current state of cybersecurity for the function are established and maintainedC2M2-SITUATION-3BMonitoring data are aggregated to provide an understanding of the operational state of the functionC2M2-SITUATION-3CRelevant information from across the organization is available to enhance situational awarenessC2M2-SITUATION-3DSituational awareness reporting requirements have been defined and address timely dissemination of cybersecurity information to organization-defined stakeholdersC2M2-SITUATION-3ERelevant information from outside the organization is collected and made available across the organization to enhance situational awarenessC2M2-SITUATION-3FA capability is established and maintained to aggregate, correlate, and analyze the outputs of cybersecurity monitoring activities and provide a near-real-time understanding of the cybersecurity state of the functionC2M2-SITUATION-3GPredefined states of operation are documented and can be implemented based on the cybersecurity state of the function or when triggered by activities in other domains