NIST SPECIAL PUBLICATION 1800 -2 Identity and Access Management for Electric Utilities Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How -To Guide s (C) Jim McCarthy Don Faatz Harry Perper Chris Peloquin John Wiltberger Leah Kauffman This publication is available free of charge from: https://doi.org/10.6028/NIST.SP .1800 -2 The first draft of this publication is available free of charge from: https://www.nccoe.nist.gov/sites/default/files/library/sp1800/es -idam -nist-sp1800 -2-draft.pdf NIST SPECIAL PUBLICATION 1800 -2 Identity and Access Management for Electric Utilities Includes Executive Summary (A); Approach, Architecture, an d Security Characteristics (B) ; and How -To Guides (C) Jim McCarthy National Cybersecurity Center of Excellence Information Technology Laboratory Don Faatz Harry Perper Chris Peloquin John Wiltberger The MITRE Corporation McLean, VA Leah Kauffman, Editor -in-Chief National Cybersecurity Center of Excellence Information Technology Laboratory July 2018 U.S. Department of Commerce Wilbur Ross , Secretary National Institute of Standards and Technology Walter G. Copan , Undersecretary of Commerce for Standards and Technology and Director NIST SPECIAL PUBLICATION 1800 -2A Identity and Access Management for Electric Utilities Volume A : Executive Summary Jim McCarthy National Cybersecurity Center of Excellence Information Technology Laboratory Don Faatz Harry Perper Chris Peloquin John Wiltberger The MITRE Corporation McLean, VA Leah Kauffman, Editor -in-Chief National Cybersecurity Center of Excellence Information Technology Laboratory July 2018 This publication is available free of charge from: https://doi.org/ 10.6028/NIST.SP .1800 -2 The first draft of this publication is available free of charge from: https://www.nccoe.nist.gov/sites/default/files/libr ary/sp1800/es -idam -nist-sp1800 -2-draft.pdf NIST SP 1800 -2A: Identity and Access Management for Electric Utilities 1 This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.1800 -2 Executive Summary ▪The National Cybersecurity Center of Excellence (NCCoE) developed an example solution that electric utilities can use to more securely and efficiently manage access to the networked devices and facilities on which power generation, transmission, and distribution depend. ▪The security characteristics in this access management platform are informed by guidance and best practices from standards organizations, including the North American Electric Reliability Corporation’s (NERC ’s) Critical Infrastructure Protection (CIP) Version 5 standards. ▪This National Institute of Standards and Technology ( NIST ) Cybersecurity Practice Guide uses commercially available products that can be included alongside your current products in your existing infrastructure. The integration of these products provides a converged view of all users within the electric utility’s operational technology (OT) systems and information technology (IT) systems, as well as access to buildings and other facilities. ▪The example solution is packaged as a “How -To” guide that demonstrates the implementation of standards -based cybersecurity technologies in the real world. The guide can help organizations to gain effic iencies in access management, while saving them research and proof -of-concept costs. CHALLENGE As the electric power industry upgrades infrastructure to adopt emerging technologies, utilities are also increasing OT and IT convergence. This allows more technologies, devices, and systems to connect to the grid to improve efficiency, provide access to data often held in silos, and enhance productivity. This convergence challenge s OT and IT departmen