Standards to Secure Energy Infrastructure

Energy sector stakeholders rely upon a patchwork of standards to defend their industrial control systems (ICS) and operational technology (OT); there is no single security standard that applies to all stakeholders in all conditions. These stakeholders need guidance on which standards apply to specific activities around securing control systems during their design, procurement, construction, operation, maintenance, and disposal phases. By identifying where particular standards are more or less appropriate across different use cases, energy sector stakeholders can optimize their decision-making process, enhance their cybersecurity, and avoid costly mistakes.

Search for Standards

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, OT Services Providers
  • Purpose: Document Good Practices
  • Geographic Scope: United States
  • Functional Scope: Midstream ONG
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): 2nd Edition, June 2009; reaffirmed October 2016
  • Future Revision Plans:
  • Pages: 76

Availability

  • Availability: purchase individual standards
  • Cost: $158
Website

NIST CSF Categories

ID.GV Governance, PR.AC Identity Management and Access Control, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.PT Protective Technology, RS.RP Response Planning, RC. RP Recovery Planning

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators
  • Purpose: Document Good Practices
  • Geographic Scope: United States
  • Functional Scope: Community water systems
  • Type: Guide
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Version 3.0, September 2019
  • Future Revision Plans:
  • Pages: 58

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment, ID.RM Risk Management Strategy, ID.SC Supply Chain Risk Management, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.RP Response Planning, RS.CO Communications, RS.AN Analysis, RS.MI Mitigation, RS.IM Improvements, RC. RP Recovery Planning, RC.IM Improvements, RC.CO Communications

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: United States
  • Functional Scope: Pipelines including Midstream ONG
  • Type: Recommended Practices
  • Assurance Mechanism: non-compulsory TSA Corporate Security Reviews and Critical Facility Security Reviews
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): April 2021
  • Future Revision Plans:
  • Pages: 36

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment, ID.RM Risk Management Strategy, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.RP Response Planning, RS.CO Communications, RS.MI Mitigation, RC. RP Recovery Planning, RC.IM Improvements

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers, OT Services Providers, Third-Party Suppliers
  • Purpose: Support Ownership and Operation
  • Geographic Scope: United States
  • Functional Scope: Energy delivery systems (SCADA, EMS, DMS, DCS)
  • Type: Recommended Practices
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): April 2014
  • Future Revision Plans:
  • Pages: 46

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.GV Governance, ID.SC Supply Chain Risk Management, PR.AC Identity Management and Access Control, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, RS.CO Communications

Applicability

  • Family: IEEE Std 1888
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, OT Services Providers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Large commercial buildings energy use
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): October 2013
  • Future Revision Plans:
  • Pages: 30

Availability

  • Availability: purchase individual standards
  • Cost: $47 (member); $52 (non-member)
Website

NIST CSF Categories

PR.AC Identity Management and Access Control

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Nuclear power generation
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): August 2013
  • Future Revision Plans:
  • Pages: 57

Availability

  • Availability: purchase individual standards
  • Cost: $83 (member); $104 (non-member)
Website

NIST CSF Categories

ID.BE Business Environment, PR.AC Identity Management and Access Control

Applicability

  • Family: "IEEE Std 1711 Trial-Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links"
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Electric power systems using SSCP with serial communications
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): November 2019
  • Future Revision Plans:
  • Pages: 34

Availability

  • Availability: purchase individual standards
  • Cost: $51 (member); $64 (non-member)
Website

NIST CSF Categories

PR.DS Data Security

Applicability

  • Family: IEEE Std 2030
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Electric power systems using IPsec
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): March 2021
  • Future Revision Plans:
  • Pages: 17

Availability

  • Availability: purchase individual standards
  • Cost: $45 (member); $56 (non-member)
Website

NIST CSF Categories

PR.DS Data Security

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Electric power substations
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): December 2014
  • Future Revision Plans:
  • Pages: 33

Availability

  • Availability: purchase individual standards
  • Cost: $65 (member); $77 (non-member)
Website

NIST CSF Categories

PR.AC Identity Management and Access Control, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, RS.AN Analysis

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers, OT Services Providers, Systems Integrators
  • Purpose: Document Good Practices
  • Geographic Scope: International
  • Functional Scope: Electric power protection and automation systems
  • Type: Guide
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): under development
  • Future Revision Plans: Initial version under development, no ETA
  • Pages:

Availability

  • Availability: under development, not presently available
  • Cost:

NIST CSF Categories

ID.AM Asset Management, PR.DS Data Security

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Government and Regulatory, Original Equipment Manufacturers
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Intelligent electronic devices used in NERC CIP environments
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): December 2013
  • Future Revision Plans:
  • Pages: 28

Availability

  • Availability: purchase individual standards
  • Cost: $46 (member); $51 (non-member)
Website

NIST CSF Categories

PR.AC Identity Management and Access Control, PR.DS Data Security, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Electric power substations
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): January 2000 (reaffirmed December 2008)
  • Future Revision Plans:
  • Pages: 14

Availability

  • Availability: purchase individual standards
  • Cost: $89 (member); $116 (non-member)
Website

NIST CSF Categories

ID.RA Risk Assessment, PR.AC Identity Management and Access Control

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Electric power systems using DNP3
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): October 2012
  • Future Revision Plans:
  • Pages: 821

Availability

  • Availability: purchase individual standards
  • Cost: $371 (member); $46377 (non-member)
Website

NIST CSF Categories

PR.AC Identity Management and Access Control

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, OT Services Providers
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Nuclear power generation
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 2.0, November 2019
  • Future Revision Plans: stable through 2024
  • Pages: 112

Availability

  • Availability: purchase individual standards
  • Cost: CHF 280
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment, ID.SC Supply Chain Risk Management, PR.AC Identity Management and Access Control, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, RS.IM Improvements

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers, OT Services Providers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems
  • Type: Report
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1.0, May 2007
  • Future Revision Plans: stable through 2021
  • Pages: 35

Availability

  • Availability: purchase individual standards
  • Cost: CHF 205
Website

NIST CSF Categories

ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Electric power systems with interconnected Distributed Energy Resources (DER)
  • Type: Report
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1.0, April 2016
  • Future Revision Plans: stable through 2021
  • Pages: 107

Availability

  • Availability: purchase individual standards
  • Cost: CHF 205
Website

NIST CSF Categories

ID.BE Business Environment, ID.RA Risk Assessment, PR.DS Data Security, RS.AN Analysis, RS.MI Mitigation

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.0, September 2016
  • Future Revision Plans: stable through 2021
  • Pages: 79

Availability

  • Availability: purchase individual standards
  • Cost: CHF 205
Website

NIST CSF Categories

PR.DS Data Security

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems
  • Type: Report
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1.0, October 2012
  • Future Revision Plans: stable through 2021
  • Pages: 49

Availability

  • Availability: purchase individual standards
  • Cost: CHF 245
Website

NIST CSF Categories

ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.0, May 2017
  • Future Revision Plans: Update forecasted August 2022
  • Pages: 191

Availability

  • Availability: purchase individual standards
  • Cost: CHF 310
Website

NIST CSF Categories

PR.DS Data Security, PR.PT Protective Technology

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.0, April 2020
  • Future Revision Plans: stable through 2022
  • Pages: 151

Availability

  • Availability: purchase individual standards
  • Cost: CHF 310
Website

NIST CSF Categories

PR.AC Identity Management and Access Control

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.0, July 2017
  • Future Revision Plans: stable through 2021
  • Pages: 472

Availability

  • Availability: purchase individual standards
  • Cost: CHF 350
Website

NIST CSF Categories

PR.DS Data Security, PR.PT Protective Technology

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.0, October 2020
  • Future Revision Plans: stable through 2024
  • Pages: 67

Availability

  • Availability: purchase individual standards
  • Cost: CHF 205
Website

NIST CSF Categories

PR.DS Data Security, PR.PT Protective Technology

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems using IEC 60870-5 and derivatives
  • Type: Report
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 2.0, April 2013
  • Future Revision Plans: Update forecasted August 2022
  • Pages: 109

Availability

  • Availability: purchase individual standards
  • Cost: CHF 330
Website

NIST CSF Categories

PR.DS Data Security, PR.PT Protective Technology

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems using MMS and derivatives
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.1, July 2020
  • Future Revision Plans: stable through 2023
  • Pages: 494

Availability

  • Availability: purchase individual standards
  • Cost: CHF 800
Website

NIST CSF Categories

PR.DS Data Security, PR.PT Protective Technology

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems using TCP/IP
  • Type: Standard
  • Assurance Mechanism: First-party declaration of conformance
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.2, Febuary 2020
  • Future Revision Plans: Update forecasted February 2023
  • Pages: 86

Availability

  • Availability: purchase individual standards
  • Cost: CHF 150
Website

NIST CSF Categories

PR.DS Data Security, PR.PT Protective Technology

Applicability

  • Family: IEC 62351 Power systems management and associated information exchange - Data and communications security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers, OT Services Providers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Energy management and associated data exchange systems
  • Type: Report
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1.0, August 2008
  • Future Revision Plans: stable through 2021
  • Pages: 52

Availability

  • Availability: purchase individual standards
  • Cost: CHF 280
Website

NIST CSF Categories

Applicability

  • Family: ISA/IEC 62443 Industrial communication networks - Network and system security
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Document Good Practices
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS)
  • Type: Report
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1.0, July 2009
  • Future Revision Plans: stable through 2021
  • Pages: 102

Availability

  • Availability: purchase individual standards
  • Cost: CHF 310
Website

NIST CSF Categories

PR.AC Identity Management and Access Control, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, RS.AN Analysis

Applicability

  • Family: ISA/IEC 62443 Industrial communication networks - Network and system security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Government and Regulatory, Original Equipment Manufacturers, OT Services Providers, Systems Integrators, Third-Party Suppliers
  • Purpose: Document Good Practices
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS)
  • Type: Report
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1.0, July 2009
  • Future Revision Plans: stable through 2023
  • Pages: 81

Availability

  • Availability: purchase individual standards
  • Cost: CHF 310
Website

NIST CSF Categories

ID.AM Asset Management, ID.GV Governance, ID.RA Risk Assessment

Applicability

  • Family: ISA/IEC 62443 Industrial communication networks - Network and system security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, OT Services Providers, Systems Integrators
  • Purpose: Document Good Practices
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS)
  • Type: Guide
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1.0, November 2010
  • Future Revision Plans: update forecasted December 2021
  • Pages: 338

Availability

  • Availability: purchase individual standards
  • Cost: CHF 340
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment, ID.RM Risk Management Strategy, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.RP Response Planning, RS.CO Communications, RS.AN Analysis, RS.MI Mitigation, RS.IM Improvements, RC.IM Improvements

Applicability

  • Family: ISA/IEC 62443 Industrial communication networks - Network and system security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, OT Services Providers, Systems Integrators
  • Purpose: Document Good Practices
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS)
  • Type: Guide
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1.0, June 2015
  • Future Revision Plans: stable through 2021
  • Pages: 61

Availability

  • Availability: purchase individual standards
  • Cost: CHF 310
Website

NIST CSF Categories

ID.AM Asset Management, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance

Applicability

  • Family: ISA/IEC 62443 Industrial communication networks - Network and system security
  • Type of Organization: Cybersecurity Services Providers, OT Services Providers, Systems Integrators
  • Purpose: Support Ownership and Operation
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS)
  • Type: Standard
  • Assurance Mechanism: Point-in-time third party formal certification
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.1, August 2017
  • Future Revision Plans: update forecasted August 2022
  • Pages: 389

Availability

  • Availability: purchase individual standards
  • Cost: CHF 550
Website

NIST CSF Categories

ID.AM Asset Management, ID.GV Governance, ID.RA Risk Assessment, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.CO Communications, RC. RP Recovery Planning

Applicability

  • Family: ISA/IEC 62443 Industrial communication networks - Network and system security
  • Type of Organization: Asset Owners and Operators, Systems Integrators
  • Purpose: Support Ownership and Operation
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS)
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.0, June 2020
  • Future Revision Plans: stable through 2024
  • Pages: 63

Availability

  • Availability: purchase individual standards
  • Cost: CHF 205
Website

NIST CSF Categories

ID.RA Risk Assessment

Applicability

  • Family: ISA/IEC 62443 Industrial communication networks - Network and system security
  • Type of Organization: Asset Owners and Operators, Systems Integrators
  • Purpose: Support Ownership and Operation
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS) system-type products
  • Type: Standard
  • Assurance Mechanism: Point-in-time third party formal certification
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.0, August 2013
  • Future Revision Plans: stable through 2021
  • Pages: 170

Availability

  • Availability: purchase individual standards
  • Cost: CHF 310
Website

NIST CSF Categories

ID.AM Asset Management, PR.AC Identity Management and Access Control, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.AN Analysis, RS.MI Mitigation

Applicability

  • Family: ISA/IEC 62443 Industrial communication networks - Network and system security
  • Type of Organization: Original Equipment Manufacturers
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS)
  • Type: Standard
  • Assurance Mechanism: Point-in-time third party formal certification to a specified Maturity Level
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.0, January 2018
  • Future Revision Plans: stable through 2022
  • Pages: 112

Availability

  • Availability: purchase individual standards
  • Cost: CHF 280
Website

NIST CSF Categories

ID.AM Asset Management, ID.GV Governance, ID.RA Risk Assessment, ID.SC Supply Chain Risk Management, PR.AC Identity Management and Access Control, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.PT Protective Technology, DE.AE Anomalies and Events

Applicability

  • Family: ISA/IEC 62443 Industrial communication networks - Network and system security
  • Type of Organization: Original Equipment Manufacturers
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS) component-type products
  • Type: Standard
  • Assurance Mechanism: Point-in-time third party formal certification to a specified Security Level
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1.0, February 2019
  • Future Revision Plans: stable through 2023
  • Pages: 192

Availability

  • Availability: purchase individual standards
  • Cost: CHF 330
Website

NIST CSF Categories

ID.AM Asset Management, PR.AC Identity Management and Access Control, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, RS.CO Communications, RC. RP Recovery Planning

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers, OT Services Providers, Systems Integrators
  • Purpose: Document Good Practices
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS)
  • Type: Report
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1.0, May 2019
  • Future Revision Plans: stable through 2022
  • Pages: 30

Availability

  • Availability: purchase individual standards
  • Cost: CHF 175
Website

NIST CSF Categories

ID.BE Business Environment, ID.RA Risk Assessment, RC. RP Recovery Planning

Applicability

  • Family: ISO/IEC 27000-series ISMS Family of Standards
  • Type of Organization: General (Any Organization Type)
  • Purpose: Support Ownership and Operation
  • Geographic Scope: International
  • Functional Scope: Information technology
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 5, February 2018
  • Future Revision Plans:
  • Pages: 34

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

Applicability

  • Family: ISO/IEC 27000-series ISMS Family of Standards
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers, OT Services Providers, Systems Integrators, Third-Party Suppliers
  • Purpose: Support Ownership and Operation
  • Geographic Scope: International
  • Functional Scope: Information technology
  • Type: Standard
  • Assurance Mechanism: Three-year third party formal certification
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 2, October 2013
  • Future Revision Plans: Update under development, no ETA
  • Pages: 23

Availability

  • Availability: purchase individual standards
  • Cost: CHF 118
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.RP Response Planning, RS.CO Communications, RS.AN Analysis, RS.MI Mitigation, RS.IM Improvements, RC. RP Recovery Planning

Applicability

  • Family: ISO/IEC 27000-series ISMS Family of Standards
  • Type of Organization: General (Any Organization Type)
  • Purpose: Support Ownership and Operation
  • Geographic Scope: International
  • Functional Scope: Information technology
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 2, October 2013
  • Future Revision Plans: Update under development, no ETA
  • Pages: 80

Availability

  • Availability: purchase individual standards
  • Cost:
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.RP Response Planning, RS.CO Communications, RS.AN Analysis, RS.MI Mitigation, RS.IM Improvements, RC. RP Recovery Planning

Applicability

  • Family: ISO/IEC 15408 Information technology — Security techniques — Evaluation criteria for IT security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Information technology products
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 3, December 2009 (reaffirmed 2015)
  • Future Revision Plans:
  • Pages: 64

Availability

  • Availability: purchase individual standards
  • Cost: CHF 178
Website

NIST CSF Categories

ID.AM Asset Management, ID.RA Risk Assessment, ID.RM Risk Management Strategy

Applicability

  • Family: ISO/IEC 15408 Information technology — Security techniques — Evaluation criteria for IT security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Information technology products
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 3, August 2008 (reaffirmed 2014)
  • Future Revision Plans: Update under development, no ETA
  • Pages: 218

Availability

  • Availability: purchase individual standards
  • Cost: CHF 198
Website

NIST CSF Categories

PR.AC Identity Management and Access Control, PR.DS Data Security, PR.PT Protective Technology

Applicability

  • Family: ISO/IEC 15408 Information technology — Security techniques — Evaluation criteria for IT security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Information technology products
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 3, August 2008 (reaffirmed 2014)
  • Future Revision Plans: Update under development, no ETA
  • Pages: 174

Availability

  • Availability: purchase individual standards
  • Cost: CHF 198
Website

NIST CSF Categories

ID.AM Asset Management, ID.RA Risk Assessment, ID.RM Risk Management Strategy

Applicability

  • Family: ISO/TR 22100 Safety of machinery — Relationship with ISO 12100
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers, OT Services Providers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Smart manufacturing
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Edition 1, December 2018
  • Future Revision Plans:
  • Pages: 15

Availability

  • Availability: purchase individual standards
  • Cost: $88 (ISO swiss francs; approx. $96 USD); $111 (ANSI.org)
Website

NIST CSF Categories

ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment

Applicability

  • Family: Special Publication (SP) 800-series Computer Security
  • Type of Organization: General (Any Organization Type)
  • Purpose: Document Good Practices
  • Geographic Scope: United States
  • Functional Scope: Information technology
  • Type: Recommended Practices
  • Assurance Mechanism: FISMA audits for US federal information systems
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Rev 2, December 2018
  • Future Revision Plans:
  • Pages: 183

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, ID.GV Governance, ID.RA Risk Assessment, ID.RM Risk Management Strategy, ID.SC Supply Chain Risk Management, PR.IP Information Protection Processes and Procedures, DE.CM Security Continuous Monitoring, RS.AN Analysis, RS.IM Improvements

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Original Equipment Manufacturers, OT Services Providers, Systems Integrators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: United States
  • Functional Scope: Smart grid electric systems
  • Type: Guide
  • Assurance Mechanism: N/A
  • Obligation to Comply: Voluntary

Standard Information

  • Revision(s): Rev 1, September 2014
  • Future Revision Plans:
  • Pages: 3 volumes, 668 pages

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment, ID.RM Risk Management Strategy, ID.SC Supply Chain Risk Management, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.RP Response Planning, RS.CO Communications, RS.AN Analysis, RS.MI Mitigation, RS.IM Improvements, RC. RP Recovery Planning, RC.IM Improvements, RC.CO Communications

Applicability

  • Family: Special Publication (SP) 800-series Computer Security
  • Type of Organization: General (Any Organization Type)
  • Purpose: Document Good Practices
  • Geographic Scope: United States
  • Functional Scope: Information technology
  • Type: Recommended Practices
  • Assurance Mechanism: FIPS 200 assessments and and FISMA audits for US federal information systems
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Rev 5, September 2020
  • Future Revision Plans:
  • Pages: 492

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment, ID.RM Risk Management Strategy, ID.SC Supply Chain Risk Management, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.RP Response Planning, RS.CO Communications, RS.AN Analysis, RS.MI Mitigation, RS.IM Improvements, RC. RP Recovery Planning, RC.IM Improvements, RC.CO Communications

Applicability

  • Family: Special Publication (SP) 800-series Computer Security
  • Type of Organization: Asset Owners and Operators, Cybersecurity Services Providers, Government and Regulatory, Original Equipment Manufacturers, OT Services Providers, Systems Integrators, Third-Party Suppliers
  • Purpose: Document Good Practices
  • Geographic Scope: United States
  • Functional Scope: Industrial Automation and Control Systems (IACS)
  • Type: Recommended Practices
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Rev 2, May 2015
  • Future Revision Plans: Rev 3 under development, no ETA
  • Pages: 247

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, ID.RA Risk Assessment, ID.RM Risk Management Strategy, ID.SC Supply Chain Risk Management, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.RP Response Planning, RS.CO Communications, RS.AN Analysis, RS.MI Mitigation, RS.IM Improvements, RC. RP Recovery Planning, RC.IM Improvements, RC.CO Communications

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 5.1a, effective December 2016
  • Future Revision Plans: Update under development, no ETA
  • Pages: 38

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.RA Risk Assessment

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 8, effective April 2020
  • Future Revision Plans: Update under development, no ETA
  • Pages: 60

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.GV Governance, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.CO Communications, RS.AN Analysis, RS.IM Improvements

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 6, effective July 2016
  • Future Revision Plans: Update under development, no ETA
  • Pages: 48

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, ID.BE Business Environment, ID.GV Governance, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, RS.CO Communications

Applicability

  • Family: North American Electric Reliability Corporation (NERC)
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 6, effective October 2020
  • Future Revision Plans: Version 7 effective October 2022; Update under development, no ETA
  • Pages: 24

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, PR.AC Identity Management and Access Control, PR.DS Data Security, PR.MA Maintenance, PR.PT Protective Technology, DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring, DE.DP Detection Processes

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 6, effective July 2016
  • Future Revision Plans: Update under development, no ETA
  • Pages: 33

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.MA Maintenance, PR.PT Protective Technology, DE.CM Security Continuous Monitoring, DE.DP Detection Processes

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 6, effective July 2016
  • Future Revision Plans: Update under development, no ETA
  • Pages: 53

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.RA Risk Assessment, PR.AC Identity Management and Access Control, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.PT Protective Technology, DE.CM Security Continuous Monitoring, DE.DP Detection Processes, RS.AN Analysis, RS.MI Mitigation

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 6, effective January 2021
  • Future Revision Plans: Update under development, no ETA
  • Pages: 25

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.BE Business Environment, ID.RA Risk Assessment, PR.IP Information Protection Processes and Procedures, DE.AE Anomalies and Events, DE.DP Detection Processes, RS.RP Response Planning, RS.CO Communications, RS.AN Analysis, RS.IM Improvements

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 6, effective July 2016
  • Future Revision Plans: Update under development, no ETA
  • Pages: 26

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.BE Business Environment, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, RS.AN Analysis, RC. RP Recovery Planning, RC.IM Improvements, RC.CO Communications

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 3, effective October 2020
  • Future Revision Plans: Version 4 effective October 2022; Update under development, no ETA
  • Pages: 48

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.RA Risk Assessment, PR.DS Data Security, PR.IP Information Protection Processes and Procedures, PR.MA Maintenance, PR.PT Protective Technology, DE.CM Security Continuous Monitoring, RS.AN Analysis, RS.MI Mitigation

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 2, effective July 2016
  • Future Revision Plans: Update under development, no ETA
  • Pages: 17

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.AM Asset Management, PR.DS Data Security, PR.IP Information Protection Processes and Procedures

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 1, effective July 2022
  • Future Revision Plans: Update under development, no ETA
  • Pages: 6

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

PR.DS Data Security, PR.IP Information Protection Processes and Procedures

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 1, effective October 2020
  • Future Revision Plans: Version 2 effective October 2022
  • Pages: 14

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.BE Business Environment, ID.RA Risk Assessment, ID.RM Risk Management Strategy, ID.SC Supply Chain Risk Management, PR.AC Identity Management and Access Control, PR.AT Awareness and Training, PR.DS Data Security, PR.MA Maintenance, RS.AN Analysis

Applicability

  • Family: NERC Critical Infrastructure Protection (CIP) Standards
  • Type of Organization: Asset Owners and Operators
  • Purpose: Preserve and Protect Society's Needs
  • Geographic Scope: Continental US, most of Canada, part of Mexico
  • Functional Scope: Bulk Electric System (BES) facilities
  • Type: Standard
  • Assurance Mechanism: Compliance Audits, Self-Certification, Spot Checks, Compliance Investigations, Self- Reports and Self-Logging, Periodic Data Submittals, Complaints
  • Obligation to Comply: Mandatory

Standard Information

  • Revision(s): 2, effective October 2015
  • Future Revision Plans:
  • Pages: 37

Availability

  • Availability: public
  • Cost: free
Website

NIST CSF Categories

ID.RA Risk Assessment, DE.CM Security Continuous Monitoring

Applicability

  • Family: N/A
  • Type of Organization: Asset Owners and Operators, Original Equipment Manufacturers, Systems Integrators
  • Purpose: Support Design and Manufacturing
  • Geographic Scope: International
  • Functional Scope: Avionics
  • Type: Recommended Practices
  • Assurance Mechanism: Non-exclusive means of securing FAA approval of software components demonstrating conformance
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition C, December 2011
  • Future Revision Plans:
  • Pages: 100

Availability

  • Availability: purchase individual standards
  • Cost: $250
Website

NIST CSF Categories

ID.BE Business Environment, ID.RA Risk Assessment, ID.SC Supply Chain Risk Management, PR.DS Data Security, PR.IP Information Protection Processes and Procedures

Applicability

  • Family: UL 2900 Software Cybersecurity for Network-Connectable Products
  • Type of Organization: Cybersecurity Services Providers
  • Purpose: Promote Economic Efficiency
  • Geographic Scope: International
  • Functional Scope: Industrial Automation and Control Systems (IACS) component-type products
  • Type: Standard
  • Assurance Mechanism: N/A
  • Obligation to Comply: N/A

Standard Information

  • Revision(s): Edition 1, March 2016
  • Future Revision Plans:
  • Pages: 14

Availability

  • Availability: purchase individual standards
  • Cost: $75
Website

NIST CSF Categories

ID.SC Supply Chain Risk Management, PR.AC Identity Management and Access Control, PR.DS Data Security, PR.IP Information Protection Processes and Procedures

For questions or comments on this standards search, please contact us at [email protected].

©2025 All rights Reserved. U.S. Department of Energy (DOE)