Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NIST is proud to announce the release of DRAFT Special Publication 1800-2, Identity and Access Management for Electric Utilities
August 26, 2015

NIST's National Cybersecurity Center of Excellence (NCCoE) has released a draft of the latest NIST Cybersecurity Practice Guide, Draft Special Publication (SP) 1800-2Identity and Access Management for Electric Utilities
 
NIST's Public and Affairs office released a press release regarding this draft SP
 
The electric power industry is upgrading older, outdated infrastructure to take advantage of emerging technologies, but this also means greater numbers of technologies, devices, and systems connecting to the grid that need protection from physical and cybersecurity attacks. Additionally, many utilities run identity and access management (IdAM) systems that are decentralized and controlled by numerous departments. Several negative outcomes can result from this: an increased risk of attack and service disruption, an inability to identify potential sources of a problem or attack, and a lack of overall traceability and accountability regarding who has access to both critical and noncritical assets. 
 
To help the energy sector address this cybersecurity challenge, security engineeres at the NCCoE developed an example solution that utilities can use to more securely and efficiently manage access to the networked devices and facilities upon which power generation, transmission, and distribution depend. The solution demonstrates a centralized IdAM platform that can provide a comprehensive view of all users within the enterprise across all silos, and the access rights users have been granted, using multiple commercially available products. 
 
Electric utilities can use some or all of the guide to implement a centralized IdAM system using NIST and industry standards, including North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP). Commercial, standards-based products, like the ones we used, are easily available and interoperable with commonly used information technology infrastructure and investments.

Links to the Draft SP 1800-2 & comment template can be accesses by going to:
(1) the NCCoE's Identity and Access Management (IdAM) webpage for SP 1800-2 --OR--
(2)  Draft Special Publication (SP) 1800-2Identity and Access Management for Electric Utilitie
 
Deadline to submit comments: October 23, 2015
Email comments to: energy_nccoe@nist.gov.

 

Created December 21, 2016, Updated April 25, 2017