The Federal Energy Management Program (FEMP) provides agencies with guidance and direction on how to enhance the cybersecurity posture of federal facilities.
Use the following tools and resources to:
- Facilitate the implementation of Executive Order (E.O.) 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
- Describe your current cybersecurity posture and target state for cybersecurity
- Evaluate your current state for physical security
- Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
- Assess progress toward the target state
- Communicate among internal and external stakeholders about cybersecurity risk.
Pathways for Cybersecurity Engagement
Facility Cybersecurity Framework (FCF)
FCF helps federal facilities address E.O. 13800 to strengthen the cybersecurity posture of federal agencies. The FCF Core Assessment 1.1 tool is tailored specifically to secure facility related control systems from cyber threats.
FCF distills cybersecurity best practices to help users identify, protect, detect, respond, and recover to cyber threats and vulnerabilities. Use the related Best Practices tool to mitigate gaps discovered through an assessment and understand how those gaps could be explored from known operational technology cyber-attack tactics and techniques.
Assess Facility Cyber Risk
Distributed Energy Resource Cybersecurity Framework (DERCF)
The DERCF fills a critical gap that expands upon existing cybersecurity frameworks for evaluating the cybersecurity posture of federal sites with distributed energy systems.
Available as a written guide and web-based application, the DERCF helps users pinpoint cybersecurity vulnerabilities for renewable energy systems—based on unique facilities, personnel, and operational procedures—and develops customized action plans to improve an organization's security controls and practices.
- Enhance cybersecurity management skills and resources using real-world, cyber-attack-based, hands-on, and adaptive trainings.
- Review fact sheets about securing facility related control systems and lighting systems.
- Leverage draft cybersecurity procurement and implementation language to expand and solidify cybersecurity procurement language with vendors.
- Review questions to better understand when to engage cybersecurity experts during the procurement process to help mitigate systems level and supply chain cyber threats and expedite secure and sustainable deployment and integration of critical SCADA, smart systems, and automation technology.
- Read guidance for energy delivery systems from DOE and control systems from the U.S. Department of Homeland Security.
Recommended FEMP Course