You are here

The Federal Energy Management Program (FEMP) provides agencies with guidance and direction on how to enhance the cyber security posture of federal facilities.

Use the following tools and resources to facilitate the implementation of Executive Order (E.O.) 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

Key Outcomes

The tools and resources on this page will enable facility stakeholders to:

  • Describe their current cybersecurity posture
  • Describe their target state for cybersecurity
  • Evaluate their current state for physical security
  • Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
  • Assess progress toward the target state
  • Communicate among internal and external stakeholders about cybersecurity risk.

Pathways for Cybersecurity Engagement

Cybersecurity Framework
Implement E.O. 13800's National Institute of Standards and Technology (NIST) Cybersecurity Framework in federal facilities.
Facility Cybersecurity Capability Maturity Model (F-C2M2)
Identify areas of cybersecurity weakness and strength and connect them with management actions.
Risk Management Framework
Connect requirements in the Risk Management Framework with the NIST Framework.

Assess Facility Cyber Risk

Facility Cybersecurity Framework (FCF) Primer
Walk through of the key elements of cybersecurity management and compare progress over time.
Qualitative Risk Assessment
Qualitatively assess risk to visualize cybersecurity vulnerabilities and impacts across assets.
FCF Core Assessment
Engage this tool for detailed scoring and assessments on the state of a facility’s cybersecurity management.
F-C2M2 Lite Assessment
Identify areas of cyber risk managerial improvement using this tool.

Distributed Energy Resource Cybersecurity Framework

The Distributed Energy Resource Cybersecurity Framework (DERCF) provides federal agency sites with a tool to assess the cybersecurity posture—or health—of their distributed energy resource systems. See the following documents to learn more about the DERCF.

Graphic illustrating a lock with multiple colors flowing through it.

Learn More

Key Resources

Features questions agencies should consider for when cybersecurity experts should be consulted in the procurement of equipment.
Web tool provides federal agencies with a framework to assess the cybersecurity posture of their distributed energy resource systems.
Document provides an overview of the Distributed Energy Resources (DER) Cybersecurity Framework and serves as a guide to apply this framework to DER.
Document provides best practices identified by research where the framework was used to assess to the cybersecurity posture of DER systems.
Document provides an overview of cybersecurity procurement and implementation guidelines for federal facilities.
Document outlines a six-step process that guides individuals responsible for mission processes in developing a cyber security program.
Fact sheet describes federal facility cybersecurity strategies gleaned from experiences at several U.S. Department of Energy national laboratories.
Fact sheet discusses cyber threats unique to lighting control systems in buildings.
Provides a brief overview of key cybersecurity requirements for agencies, utilities, and subcontractor partners on performance contracts.
Resources to help fleet managers and information technology teams plan for emerging cybersecurity vulnerabilities in modern vehicles.

Need Assistance?

Federal Energy Management Program (FEMP) Logo.

Need energy management guidance? Can't find a document or tool? FEMP can help. Ask FEMP a question.