NIST Releases Access Management Guidance for Energy Companies

A division of the National Institute of Standards and Technology (NIST) has released draft guidance for energy companies to manage access to their networked resources, including industrial control systems and information technology. In the draft guidance, the National Cybersecurity Center of Excellence (NCCoE) offers step-by-step instructions to help energy companies address the risk associated with having multiple access points that can grant hackers access to the company’s entire network. The guidance was developed principally based on the experience of electric utilities and their vendors, but can be used by other energy companies that have decentralized identity and access management (IdAM) systems. In the draft guidance, NCCoE offers an example solution that companies can use to more securely and efficiently manage access to networked devices and facilities; the solution demonstrates a centralized IdAM platform that can provide a comprehensive view of all users within the enterprise across all silos, and the access rights users have been granted, using multiple commercially available products. Comments on the proposed guidance are due October 23, 2015.

Back to top