Federal Register, Volume 77 Issue 45 (Wednesday, March 7, 2012)

[Federal Register Volume 77, Number 45 (Wednesday, March 7, 2012)]
[Notices]
[Page 13585]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-5512]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF ENERGY


Electricity Subsector Cybersecurity Risk Management Process 
Guideline

AGENCY: Office of Electricity Delivery and Energy Reliability, 
Department of Energy.

ACTION: Notice of public comment.

-----------------------------------------------------------------------

SUMMARY: The Department of Energy (DOE) invites public comment on DOE's 
intent to publish the Electricity Subsector Cybersecurity Risk 
Management Process guideline. The guideline describes a risk management 
process that is targeted to the specific needs of electricity sector 
organizations. The objective of the guideline is to build upon existing 
guidance and requirements to develop a flexible risk management process 
tuned to the diverse missions, equipment, and business needs of the 
electric power industry.

DATES: Comments must be received on or before Thursday, April 5, 2012.

ADDRESSES: Written comments may be submitted to Matthew Light, U.S. 
Department of Energy, Office of Electricity Delivery and Energy 
Reliability, 1000 Independence Ave. SW., Washington, DC 20585; Fax 202-
586-2623; Email: [email protected].

FOR FURTHER INFORMATION CONTACT: Request for additional information 
should be directed to Matthew Light at [email protected], phone 
202-316-5115.

SUPPLEMENTARY INFORMATION: DOE invites public comment on DOE's intent 
to publish a guidance document entitled: Electricity Subsector 
Cybersecurity Risk Management Process Guideline. The primary goal of 
this guideline is to describe a risk management process that is 
targeted to the specific needs of electricity sector organizations. The 
objective of the guideline is to build upon existing guidance and 
requirements to develop a flexible risk management process tuned to the 
diverse missions, equipment, and business needs of the electric power 
industry.
    The Electricity Subsector Cybersecurity Risk Management Process 
guideline was developed by the DOE, in collaboration with the National 
Institute of Standards and Technology (NIST), the North American 
Electric Reliability Corporation (NERC), and representatives from both 
the public and private sector. The NIST Special Publication 800-39, 
Managing Information Security Risk provides the foundational 
methodology for this document.
    The Electricity Sector Cybersecurity Risk Management Process 
Guideline is available for review at: http://energy.gov/oe/downloads/draft-cybersecurity-risk-management-process-rmp-guideline.

    Authority:  Homeland Security Presidential Directive 7 (HSPD-7).

    Issued at Washington, DC, on March 1, 2012.
Patricia A. Hoffman,
Assistant Secretary, Electricity Delivery and Energy Reliability.
[FR Doc. 2012-5512 Filed 3-6-12; 8:45 am]
BILLING CODE 6450-01-P