The IT Law Wiki


U.S. Department of Energy, Electricity Subsector Cybersecurity Risk Management Process (RMP) (DOE/OE-0003) (May 2012) (full-text).


Electricity Subsector

This guideline was developed by a team of government and industry representatives to provide a consistent and repeatable approach to managing cybersecurity risk across the electricity subsector. It is intended to be used by the electricity subsector, to include organizations responsible for the generation, transmission, distribution, and marketing of electric power, as well as supporting organizations such as vendors.

The RMP is written with the goal of enabling organizations — regardless of size or organizational or governance structure — to apply effective and efficient risk management processes and tailor them to meet their organizational requirements. This guideline may be used to implement a new cybersecurity program within an organization or to build upon an organization's existing internal cybersecurity policies, standard guidelines, and procedures.