The project sponsors are seeking consistency in their application of asset management to cyber security assets, documented in an easily followed guideline which may be applied to each utility. It is recognized that a comprehensive and current inventory of these assets serves as the foundation of the asset management process. For this reason this project will place heavy emphasis on identification and discussion of the methodology and information sources required to establish an accurate and current cyber security assets inventory for use within the organization’s asset management process. A Phase 2 undertaking will address the asset management process in more depth as it utilizes the cyber security assets inventory discussed in this undertaking as an input.
The guideline will define the assets in a similar fashion to ISO 14224:2016, will be aligned with the requirements of ISO 55000 and ISO 31000, and will consider additional requirements from the Institute for Asset Management (IAM). The guideline will consider work completed by leading member utilities. The guideline will consider how to ensure requirements of the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards are met in general, without providing details of how each requirement is specifically achieved.