Skip to Content


Proposed Agency Information Collection

Document Details

Information about this document as published in the Federal Register.

Enhanced Content

Relevant information about this document from provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.


Notice and request for public review and comment.


The Department of Energy (DOE) has submitted the Electricity Sector Cybersecurity Risk Management Maturity Pilot to the Office of Management and Budget (OMB) for clearance, a proposal for collection of information under the provisions of the Paperwork Reduction Act of 1995 (Pub. L. 104-13, 44 U.S.C. Chapter 35) and 5 CFR 1320.13.


Comments regarding this collection must be received on or before 15 days from the date of publication. If you anticipate that you will be submitting comments, but find it difficult to do so within the period of time allowed by this notice, please advise the DOE Desk Officer at OMB of your intention to make a submission as soon as possible. The Desk Officer may be telephoned at 202-395-4650.


Written comments should be sent to the DOE Desk Officer, Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 10102, 735 17th Street NW., Washington, DC 20503. And to: Samara Moore,, Fax: 202-586-1472.


Samara Moore,, Fax: 202-586-1472.


The proposed collection will be used by the Department and electric sector owners and operators to identify best practices and potential resource allocations for cybersecurity in terms of supply chain management, information sharing, asset, change and configuration management, and risk management, among others. It is imperative that the owners and operators of the nation's electric utilities, as well as the government agencies supporting the sector, have the ability to understand what capabilities and competencies will allow the sector to defend itself, and how to prioritize necessary investments. This initiative supports strategies identified in the White House Cyberspace Policy Review 2010 and the 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. A maturity model approach was deemed to be a reasonable way to leverage existing efforts to implement key strategies designed to measure the sector's cybersecurity posture and to enable utilities to make strategic investments that will increase cybersecurity throughout the electricity sector. The pilot process will request feedback from a limited set of participants on both the model's and the assessment tool's structure and application to the unique attributes of the sector. The model structure includes domains—logical groupings of cybersecurity risk management activities—and maturity indicator levels (MILs). The content within each domain includes characteristics, which are expressions of domain activities at each level of maturity. The model is developed as a common model that can be used by the various types of entities operating within the sector, including investor-owned, municipal, and cooperative utilities. It will also enable utilities to communicate cybersecurity capabilities in meaningful terms and prioritize their cybersecurity actions and investments.

The OMB is particularly interested in comments that:

  • Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
  • Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
  • Enhance the quality, utility, and clarity of the information to be collected; and
  • Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses.

This information collection request contains: (1) OMB No. New; (2) Information Collection Request Title: Electric Sector Cybersecurity Risk Management Maturity Initiative; (3) Type of Request: New; (4) Purpose: The Department of Energy, at the request of the White House, and in collaboration with DHS and industry experts, has developed a maturity model with owners, operators and subject matter experts to meet their request to identify and prioritize capabilities relative to risk and cost; (5) Annual Estimated Number of Respondents: 17; (6) Annual Estimated Number of Total Responses: 17; (7) Annual Estimated Number of Burden Hours: 136; (8) Annual Estimated Reporting and Recordkeeping Cost Burden: $0.

Statutory Authority: Section 301 of the Department of Energy Organization Act, codified at 42 U.S.C. 7151.

Issued in Washington, DC, on March 26, 2012.

Patricia Hoffman,

Assistant Secretary, Office of Electricity Delivery and Energy Reliability.

[FR Doc. 2012-7666 Filed 3-29-12; 8:45 am]