Overview of Cyber Security Standards and Best Practices

Given the complexity of business processes and the wide variety of cyber assets used in the Smart Grid environment, no single existing cyber security standard can address all security requirements, security controls, resilience strategies, and technologies. Some standards and guidelines focus on high-level organizational security requirements and more detailed recommended controls (What), while other standards focus on the technologies that can be used to supply these cyber security controls (How).

While many additional documents are available from national organizations, the key NIST, IEC, ISO, IEEE, and IETF cyber security standards and best practices are illustrated below, organized by type (What, How, Conformance) and by level (high general level, high energy-specific level, detailed technical level).

Key cyber security standards and guidelines applying to the Smart Energy operational environment

ISO/IEC 27000 series

NIST Framework

IEC 62443 series

NISTIR 7628

IEC 62351