The Federal Energy Management Program (FEMP) provides agencies with guidance and direction on how to enhance the cybersecurity posture of federal facilities.

Use the following tools and resources to:

  • Facilitate the implementation of Executive Order (E.O.) 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
  • Describe your current cybersecurity posture and target state for cybersecurity
  • Evaluate your current state for physical security
  • Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
  • Assess progress toward the target state
  • Communicate among internal and external stakeholders about cybersecurity risk.

Pathways for Cybersecurity Engagement

Cybersecurity Framework
Implement E.O. 13800's National Institute of Standards and Technology (NIST) Cybersecurity Framework in federal facilities.
Learn more
Facility Cybersecurity Capability Maturity Model (F-C2M2)
Identify areas of cybersecurity weakness and strength and connect them with management actions.
Learn more
Risk Management Framework
Connect requirements in the Risk Management Framework with the NIST Framework.
Learn more

Facility Cybersecurity Framework (FCF)

Video Url

The FCF helps facility owners and operators manage their cybersecurity risks in the operational technology systems.

Video courtesy of the U.S. Department of Energy

FCF helps federal facilities address E.O. 13800 to strengthen the cybersecurity posture of federal agencies. The FCF Core Assessment 1.1 tool is tailored specifically to secure facility related control systems from cyber threats.

FCF distills cybersecurity best practices to help users identify, protect, detect, respond, and recover to cyber threats and vulnerabilities. Use the related Best Practices tool to mitigate gaps discovered through an assessment and understand how those gaps could be explored from known operational technology cyber-attack tactics and techniques.

Assess Facility Cyber Risk

FCF Primer
Walk through of the key elements of cybersecurity management and compare progress over time.
Learn more
Qualitative Risk Assessment
Qualitatively assess risk to visualize cybersecurity vulnerabilities and impacts across assets.
Learn more
FCF Core Assessment 1.1
Engage this tool for detailed scoring and assessments on the state of a facility’s cybersecurity management.
Learn more
F-C2M2 Lite Assessment
Identify areas of cyber risk managerial improvement using this tool.
Learn more

Distributed Energy Resource Cybersecurity Framework (DERCF)

Video Url

The DERCF provides federal agency sites with a tool to assess the cybersecurity posture—or health—of their distributed energy resource systems.

Video courtesy of the U.S. Department of Energy

The DERCF fills a critical gap that expands upon existing cybersecurity frameworks for evaluating the cybersecurity posture of federal sites with distributed energy systems.

Available as a written guide and web-based application, the DERCF helps users pinpoint cybersecurity vulnerabilities for renewable energy systems—based on unique facilities, personnel, and operational procedures—and develops customized action plans to improve an organization's security controls and practices.

Learn More

Key Resources

Recommended FEMP Course



Need Assistance?

Need energy management guidance? Can't find a document or tool? FEMP can help. Ask FEMP a question.