In late August 2015, the National Cybersecurity Center of Excellence (NCCoE) at the US National Institute of Standards and Technology (NIST) developed and released a set of draft documents entitled Identity and Access Management for Electric Utilities. A "snapshot view" of the covers of these three documents is shown below.
 |
| https://nccoe.nist.gov/projects/use_cases/idam |
The NCCoE collaborated with experts
from the energy sector to develop a use-case scenario based on day-to-day
operations and worked with technology vendors to develop example solutions
demonstrating a centralized identity and access management system that would
make changing or revoking privileges simple and quick.
The practice guide provides
instructions on how to achieve a centralized identity and access management
system and includes examples of all the necessary components and installation,
configuration, and integration. The guide, which is modular and suitable for
organizations of all sizes, also maps security characteristics to guidance and
best practices from NIST and other standards organizations, and to North American Electric Reliability Corporation’s Critical Infrastructure Protection(NERC CIP) standards.
The guide offered:
- maps security characteristics to guidance and best practices from NIST and other standards organizations, and to NERC CIP standards
- provides:
- a detailed example solution with capabilities that address security controls
- a demonstrated approach using multiple products that achieve the same result
- instructions for implementers and security engineers, including examples of all the necessary components and installation, configuration, and integration
- uses products that are readily available and interoperable with your existing information technology infrastructure and investments
- is modular and suitable for organizations of all sizes, including corporate and regional business offices, power generation plants, and substations
The documents can be found and downloaded at the URL listed above in the caption.
Call to Action
NIST and the NCCoE are asking for comments on these documents. The comment period closes October 23, 2015. You can submit comments through the Web form via this link.
