Draft Cybersecurity Practice Guide--Energy Sector Asset Management

The NCCoE has released Draft SP 1800-23, "Energy Sector Asset Management," for public comment. The comment period ends November 25, 2019.

The National Cybersecurity Center of Excellence (NCCoE) has released Draft NIST Special Publication (SP) 1800-23, Energy Sector Asset Management, for public comment. The comment period ends November 25, 2019.

A Practical Approach to OT Asset Management

Energy sector companies rely on industrial control system (ICS) assets within operational technology (OT) environments to generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas. Given the growing complexity and critical role of these ICS assets, energy sector entities must be able to effectively identify, control, and monitor all of their OT assets to strengthen cybersecurity. We demonstrate how OT asset management practices can be enhanced by leveraging tools that may already exist in the environment or by implementing new capabilities.

This practice guide aims to help energy sector companies implement an asset management solution to monitor and manage OT assets at all times. Standards and best practices were used to deploy strong asset management solutions using commercially available technology. The guide also maps asset management capabilities to the NIST Cybersecurity Framework.

The NCCoE’s practice guide, NIST SP 1800-23, Energy Sector Asset Management, can help energy sector organizations:

  • Reduce cybersecurity risk and potentially reduce impact to safety and operational risk such as power disruption
  • Develop and execute a strategy that provides continuous OT asset management and monitoring
  • Enable faster responses to security alerts through automated cybersecurity event/attack capabilities
  • Implement current cybersecurity standards and best practices while maintaining the performance of energy infrastructures

The public comment period for this document closes on November 25, 2019. Comments will be made public after review and can be submitted anonymously. See the publication details for document files, the project description, and instructions for submitting comments. We will use your feedback to help shape the final version of this guide.

Released September 23, 2019, Updated September 28, 2019