Asset Management

Download the Practice Guide

The NCCoE has released the draft version of NIST Cybersecurity Practice Guide SP 1800-23, Energy Sector Asset Management. Use the button below to view this publication in its entirety or scroll down for links to a specific section.

Download the PDF »

Current Status

The NCCoE released a draft of the NIST Cybersecurity Practice Guide, SP 1800-23, Energy Sector Asset Management, on September 23, 2019. The public comment period closed on November 25, 2019 and received comments are now being reviewed.

For ease of use, the draft guide is available to download or read in volumes:

  • SP 1800-23A: Executive Summary (PDF)  

  • SP 1800-23B: Approach, Architecture, and Security Characteristics (PDF)

  • SP 1800-23C: How-To Guides (PDF)

Or download the complete guide (PDF).

Download the Energy Sector Asset Management project description or read an overview of the project on our two-page fact sheet.

Sign up for email alerts from the NCCoE to receive updates on our Energy Sector projects. If you have questions or would like to join our Community of Interest, please email the project team at energy_nccoe@nist.gov.

 

Summary

The National Cybersecurity Center of Excellence (NCCoE) at NIST has published a draft practice guide to enhance the energy sector’s asset management capabilities for operational technology (OT). This project includes a reference design and uses commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.

Vulnerabilities in OT assets present opportunities for malicious actors to cause disruptions and power outages. To properly assess cybersecurity risk within the OT network, energy companies must be able to identify all their assets, especially the most critical.

This project describes methods for managing, monitoring, and baselining assets and also includes information to help identify threats to these OT assets. The project has resulted in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Dragos logo
ForeScout logo
Foxguard Solutions
Splunk logo
TDI Technologies logo
Tripwire logo