Skip to Content

Notice

Electricity Subsector Cybersecurity Risk Management Process Guideline

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

ACTION:

Notice of public comment.

SUMMARY:

The Department of Energy (DOE) invites public comment on DOE's intent to publish the Electricity Subsector Cybersecurity Risk Management Process guideline. The guideline describes a risk management process that is targeted to the specific needs of electricity sector organizations. The objective of the guideline is to build upon existing guidance and requirements to develop a flexible risk management process tuned to the diverse missions, equipment, and business needs of the electric power industry.

DATES:

Comments must be received on or before Thursday, April 5, 2012.

ADDRESSES:

Written comments may be submitted to Matthew Light, U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability, 1000 Independence Ave. SW., Washington, DC 20585; Fax 202-586-2623; Email: matthew.light@hq.doe.gov.

FOR FURTHER INFORMATION CONTACT:

Request for additional information should be directed to Matthew Light at matthew.light@hq.doe.gov, phone 202-316-5115.

SUPPLEMENTARY INFORMATION:

DOE invites public comment on DOE's intent to publish a guidance document entitled: Electricity Subsector Cybersecurity Risk Management Process Guideline. The primary goal of this guideline is to describe a risk management process that is targeted to the specific needs of electricity sector organizations. The objective of the guideline is to build upon existing guidance and requirements to develop a flexible risk management process tuned to the diverse missions, equipment, and business needs of the electric power industry.

The Electricity Subsector Cybersecurity Risk Management Process guideline was developed by the DOE, in collaboration with the National Institute of Standards and Technology (NIST), the North American Electric Reliability Corporation (NERC), and representatives from both the public and private sector. The NIST Special Publication 800-39, Managing Information Security Risk provides the foundational methodology for this document.

The Electricity Sector Cybersecurity Risk Management Process Guideline is available for review at: http://energy.gov/oe/downloads/draft-cybersecurity-risk-management-process-rmp-guideline.

Authority: Homeland Security Presidential Directive 7 (HSPD-7).

Issued at Washington, DC, on March 1, 2012.

Patricia A. Hoffman,

Assistant Secretary, Electricity Delivery and Energy Reliability.

[FR Doc. 2012-5512 Filed 3-6-12; 8:45 am]

BILLING CODE 6450-01-P