This training provides an introduction to the Distributed Energy Resources Risk Manager (DER-RM). The DER-RM application is a tool for managing authority to operate (ATO) energy systems and renewables. The DER-RM is an extension of the National Renewable Energy Laboratory's (NREL) DER Cybersecurity Framework (DER-CF) (dercf.nrel.gov), a much broader tool for mitigating gaps in cybersecurity at facilities and organizations. The DER-CF involves increased emphasis on physical security and technical management as well as a sharper focus on distributed energy technologies, whereas the DER-RM specifically focuses on the NIST Risk Management Framework, containing controls from the NIST 800 series; a major undertaking for federal sites and a critical framework for secure operations. This training, will outline and go over each step of the DER-RM: Prepare, Categorize, Select, Implement, Assess, and Authorize by overviewing an example system going through the ATO process.
Energy and Cyber Security Integration
This curriculum offers courses that help federal agencies and private entities to actively identify, prioritize, and mitigate the risks of cyber or physical attacks on facility-related control systems while maintaining the required levels of service for efficient operations.