Asset Management

Download the Practice Guide

The NCCoE has released the final version of NIST Cybersecurity Practice Guide SP 1800-23, Energy Sector Asset Management. Use the buttons below to view this publication in its entirety or scroll down for links to a specific section.

Download the PDF » Open Web Version »

Current Status

The NCCoE released the NIST Cybersecurity Practice Guide, SP 1800-23, Energy Sector Asset Management.

For ease of use, the final guide is available to download or read in volumes:

  • SP 1800-23A: Executive Summary (PDF) (web page)  

  • SP 1800-23B: Approach, Architecture, and Security Characteristics (PDF) (web page)

  • SP 1800-23C: How-To Guides (PDF) (web page)

Or download the complete guide (PDF).

Download the Energy Sector Asset Management project description or read an overview of the project on our two-page fact sheet.

If you have questions or would like to join our Community of Interest, please email the project team at energy_nccoe@nist.gov.

 

Summary

The National Cybersecurity Center of Excellence (NCCoE) at NIST published a practice guide to enhance the energy sector’s asset management capabilities for operational technology (OT). This project includes a reference design and uses commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.

Vulnerabilities in OT assets present opportunities for malicious actors to cause disruptions and power outages. To properly assess cybersecurity risk within the OT network, energy companies must be able to identify all their assets, especially the most critical.

This project describes methods for managing, monitoring, and baselining assets and also includes information to help identify threats to these OT assets. The project has resulted in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

ForeScout logo
Foxguard Solutions
Splunk logo
TDI Technologies logo
Tripwire logo