Sector Name:Power Delivery & Utilization - Distribution & Utilization
Document Type:Technical Results
This Product is publicly available
This technical update builds upon the previous evaluation framework, Framework for Evaluating Cyber Security Posture for Power Delivery Systems, Electric Power Research Institute (EPRI) Technical Update 3002001205, published in 2013, and provides guidance for performing a capability maturity model assessment using the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2). Currently, the ES-C2M2 is intended for application at the organization level. This document includes application guidance that may be used by utilities to apply the ES-C2M2 to systems. This technical update addresses all ten domains in the ES-C2M2, and allocates the National Institute of Standards and Technology Interagency Report (NISTIR) 7628 security requirements to objectives and maturity indicator levels (MILs) within each of the ten domains. The results of the system assessment may be used to determine the security posture of utility systems.
This document was developed jointly by several organizations, including EPRI, Department of Energy (DOE), The National Rural Electric Cooperative Association (NRECA), Carnegie Mellon University, and several utilities. It is a companion to Risk Management in Practice - A Guide for the Electric Sector, EPRI Technical Update 3002003333, also published in 2014.
For further information about EPRI, call the EPRI Customer Assistance Center at (800) 313-3774 or email firstname.lastname@example.org