On January 8, 2015, the Energy Department released guidance to help the energy sector establish or align existing cybersecurity risk management programs to meet the objectives of the Cybersecurity Framework released by the National Institutes of Standards and Technology (NIST) in February 2014. The voluntary Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure and was developed in response to Executive Order 13636 “Improving Critical Infrastructure Cybersecurity” through collaboration between industry and government. In developing this guidance, the Energy Department collaborated with private sector stakeholders through the Electricity Subsector Coordinating Council and the Oil & Natural Gas Subsector Coordinating Council. The Department also coordinated with other Sector Specific Agency representatives and interested government stakeholders.
The Energy Sector Cybersecurity Framework Implementation Guidance is available below for downloading.