center for partnerships & innovation



NARUC Cybersecurity Manual


NARUC has developed the Cybersecurity Manual, a comprehensive suite of cybersecurity tools, to help public utility commissions (PUCs) gather and evaluate information from utilities about their cybersecurity risk management and preparedness.

Components of the Cybersecurity Manual can be used individually but are designed to work together. NARUC’s intent is to provide a comprehensive set of assessment tools that, when applied, provide a consistent, complete view of utilities’ cybersecurity preparedness. The diagram below depicts the complementary, process-oriented relationship among these components.

Quick Links

The Future of Microgrids: A Virtual Site Visit to Schneider Electric's Global R&D Center, July 22, 3:15 pm ET Register Here

NARUC-NASEO Microgrids State Working Group Webinar: Utility Microgrid Procurement, August 19, 3:00 pm ET Register Here

Advancing Electric System Resilience with Distributed Energy Resources: A Review of State Policies, April 2020 

Advancing Electric System Resilience with Distributed Energy Resources: Key Questions and Resources, April 2020

The Value of Resilience for Distributed Energy Resources: An Overview of Current Analytical Practices, April 2019

NARUC Cybersecurity Manual

The content of each component in the Cybersecurity Manual is customizable to meet specific goals, objectives, and requirements that PUCs have established around cybersecurity, complementing resources developed by and for utilities and other practitioners. Geared toward non-technical, policy-oriented users, each component captures information in sufficient detail to support PUC decision making.


This document aims to guide commissions’ interactions with their utilities on issues related to cybersecurity, drawing from the experiences of federal, state, and private-sector stakeholders, including state PUCs themselves. Further, it provides guidance and practices for regulators to consider as they develop and implement their strategies. Commissions that have already developed a strategy can use this guide to review and enhance their current strategy. Download

This resource provides a set of comprehensive, context-sensitive questions that PUCs can ask of a utility to gain a detailed understanding of its current cybersecurity risk management program and practices. The questions build upon and add to those included in prior NARUC publications. Download

The CPET provides a structured approach for PUCs to use in assessing the maturity of a utility’s cybersecurity risk management program and gauging capability improvements over time. The CPET is designed to be used with the Questions for Utilities on an iterative basis to help PUCs identify cybersecurity gaps, spur utilities’ adoption of additional mitigation strategies, and inform cybersecurity investment decisions. Download

This glossary contains cybersecurity terms used throughout the Cybersecurity Manual, as well as “terms of art” that utilities may use during discussions with PUCs. It also contains a list of icybersecurity related events that demonstrate the growing threats and vulnerabilities against critical infrastructure sectors. Open