This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Date Published: September 2019
Comments Due: November 25, 2019 (public comment period is CLOSED)
Email Questions to: firstname.lastname@example.org
Energy sector companies rely on operational technology (OT) in industrial control systems (ICS) to generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas. Given the growing complexity and critical role of these ICS environments, energy sector entities must be able to effectively identify, control, and monitor all of their OT assets to strengthen cybersecurity. We demonstrate how OT asset management practices can be enhanced by leveraging tools that may already exist in the environment or by implementing new capabilities.
This practice guide aims to help energy sector companies implement an asset management solution to monitor and manage OT assets at all times. Standards and best practices were used to deploy strong asset management solutions using commercially available technology. The guide also maps asset management capabilities to the NIST Cybersecurity Framework.
The NCCoE's practice guide NIST SP 1800-23, "Energy Sector Asset Management," can help energy sector organizations:
Access Control; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Incident Response; Maintenance; Program Management; System and Communications Protection; System and Information Integrity
Draft SP 1800-23
05/20/20: SP 1800-23 (Final)