Cybersecurity Policy and Practice - NARUC

center for partnerships & innovation

Cybersecurity

Cybersecurity

Cybersecurity Policy and Practice

The links on this page offer a sampling of resources that describe strategies, tactics, and tools used by government and industry to minimize cybersecurity threats and vulnerabilities to critical infrastructure in the U.S.. This collection provides key foundational materials that may be valuable for NARUC members, but it is not exhaustive.

Quick Links

NASEO-NARUC Microgrids State Working Group Meeting, Dec. 17 1 - 2 pm ET

Issue Brief: Log4j Vulnerability, December 2021

Federal Funding Opportunities Guidebook, October 2021

Lessons Learned from the Ongoing Response to the COVID-19 Crisis, October 2021

Regulatory Considerations for Utility Investments in Defense Energy Resilience, October 2021

NARUC Cybersecurity Manual

Executive Orders and Federal Doctrine

Cybersecurity Frameworks and Standards

Cybersecurity Assessment Tools

Cybersecurity Capability Maturity Model (C2M2) Version 2.0(DOE)
Cyber Security Evaluation Tool (CSET) (DHS)
Cyber Resilience Review (DHS)

Cyber Workforce

Other Links

Defending Against Software Supply Chain Attacks, April 2021 (DHS/CISA, NIST)
Key Practices in Cyber Supply Chain Risk Management: Observations from Industry February 2021 (NIST)
Ransomware Guide 2020(DHS CISA/MS-ISAC)
Cybersecurity Legislation 2020 (NCSL)
Cybersecurity Best Practices for Industrial Control Systems (DHS/CISA)
Security Tip (ST18-007): Questions Every CEO Should Ask About Cyber Risks (DHS/CISA)
MITRE Att@ck
Model Procurement Contract Language Addressing Cybersecurity Supply Chain Risk – Version 1.0 (EEI)
CRITICAL INFRASTRUCTURE PROTECTION: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid (GAO)