Upon review, we recognize that this NIST/NCCoE publication contains potentially biased terminology. As new publications are developed, they will follow NIST’s inclusive language guidance.
Identity and Access Management (IdAM) for the Energy Sector
Many utilities have separate identity and access management (IdAM) systems for access to information technology (IT) and operational technology (OT) systems, substations, and equipment. Absent a central system to manage access to all critical resources, identity and access information diverges between those systems, and a person whose access is revoked in one may retain it in another.
Cybersecurity guidance helping energy companies manage the people and things accessing their resources and facilities
Project Abstract
To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including substations, equipment, and IT and OT resources. They must authenticate authorized individuals to these devices and facilities with a high degree of certainty. In addition, they need to enforce access control policies (e.g., allow, deny, inquire further) consistently, uniformly, and quickly across all their facilities.
In this project, the NCCoE demonstrates a converged, standards-based technical approach that unifies identity and access management (IdAM) functions across OT networks, physical access control systems, and IT systems. These networks often operate independently, which can lead to inconsistent identity and access information, higher costs, inefficiencies, and reduced capacity to deliver service. Each network also rests on a different infrastructure with its own security risks. A converged IdAM solution can help effectively secure a utility’s complex infrastructure.
This NIST Cybersecurity Practice Guide provides a modular, end-to-end example solution of a converged IdAM system that can be tailored and implemented by energy providers of varying sizes and levels of IT sophistication. It shows energy providers how we met the IdAM security challenge using open-source and commercially available tools and technologies that are consistent with cybersecurity and NERC CIP standards.
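As an added illustration (this is not code from the NCCoE guide or from any collaborating vendor), the following Python sketches the decision behaviour the abstract describes: a single identity record and a single rule set produce allow, deny, or inquire-further decisions for an OT human-machine interface, a substation door, and an IT application alike. Every identity, resource, assurance level, and rule here is constructed for the example; the real guide uses commercial and open-source products whose policy languages differ.

```python
"""Toy converged policy decision point (PDP) for IT, OT and physical access.

Hypothetical example: one identity store and one policy function decide
every request, whatever the resource domain. All data is constructed.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    INQUIRE = "inquire further"   # step-up authentication or human approval


@dataclass(frozen=True)
class Identity:
    user_id: str
    enabled: bool                 # single switch, checked for every domain
    roles: frozenset
    assurance: int                # session credential strength: 1 password, 2 MFA, 3 hardware token
    sites: frozenset              # site codes the person is cleared for


@dataclass(frozen=True)
class Resource:
    name: str
    domain: str                   # "it", "ot" or "physical"
    site: str
    allowed_roles: frozenset
    min_assurance: int            # weakest credential the resource owner accepts


def decide(ident: Identity, res: Resource) -> Decision:
    """Uniform rule order for all domains.

    A disabled identity is denied before anything else, so a single
    deprovisioning action in the central store shuts off badge readers,
    HMIs and IT accounts together instead of one system at a time.
    """
    if not ident.enabled:
        return Decision.DENY
    if res.site not in ident.sites:
        return Decision.DENY
    if not (ident.roles & res.allowed_roles):
        return Decision.DENY
    # Right person, right place, right role, but a credential weaker than the
    # resource demands: ask for step-up rather than refusing outright.
    if ident.assurance < res.min_assurance:
        return Decision.INQUIRE
    return Decision.ALLOW


# Constructed sample data: three resources in three domains, four identities.
RESOURCES = [
    Resource("substation_hmi", "ot", "SUB-17", frozenset({"relay_tech"}), min_assurance=2),
    Resource("substation_door", "physical", "SUB-17", frozenset({"relay_tech", "security"}), min_assurance=2),
    Resource("work_order_app", "it", "HQ", frozenset({"relay_tech", "planner"}), min_assurance=1),
]

IDENTITIES = [
    Identity("alice", True, frozenset({"relay_tech"}), assurance=2, sites=frozenset({"SUB-17", "HQ"})),
    Identity("bob", True, frozenset({"relay_tech"}), assurance=1, sites=frozenset({"SUB-17", "HQ"})),
    Identity("carol", False, frozenset({"relay_tech"}), assurance=3, sites=frozenset({"SUB-17", "HQ"})),
    Identity("dave", True, frozenset({"planner"}), assurance=2, sites=frozenset({"HQ"})),
]


def evaluate_all(identities=IDENTITIES, resources=RESOURCES) -> dict:
    """Run every identity against every resource; key is (user_id, resource name)."""
    return {(i.user_id, r.name): decide(i, r) for i in identities for r in resources}


if __name__ == "__main__":
    for (user, res), outcome in sorted(evaluate_all().items()):
        print(f"{user:6} -> {res:16} {outcome.value}")
```

Running it shows the converged property directly: carol, a terminated contractor whose record was disabled once in the central store, is denied at the door, the HMI, and the work-order application in the same evaluation; bob, who logged in with only a password, reaches the IT application but is asked to step up before touching substation equipment or entering the substation. With separate per-domain IdAM systems each of those outcomes would depend on a separate revocation or policy change.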
Collaborating Vendors
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.