NCCOE Releases NIST Cybersecurity Best Practices for Identity Access Management.
The NCCOE achieved an exciting cybersecurity milestone with its latest publication of a draft best practice guide for Electric Utilities. The guide, released August 25th, is now available for public comment.
NIST, the utility user community, and the vendor community worked together to implement an example Identity and Access management system for the Electric Utility sector. The guide has been developed utilizing industry applicable security standards and best practices such as NERC CIP. PKI was one of many standards-based technologies used to meet the design goal of a centralized IdAM platform that supports users across several access silos – IT, OT, and physical access.
GlobalSign is proud to have contributed technology and expertise to NCCOE’s test environment that simulated a typical electric company’s IT architecture including the technology silos found in most utilities. Utilizing GlobalSign’s expertise and North American Energy Standards Board (NAESB) compliant certificates issued from the GlobalSign SaaS service, NIST was able to test uses cases that required high assurance identity credentials for user access to critical systems.
Specifically, NCCoE used the GlobalSign Enterprise PKI platform to issue NAESB certificates used in conjunction with MAG Ozone products to provide high-assurance attributes for the Personal Profile Application that involved three main user groups with specific privileges. Permissions were dynamically displayed based on the authorizations associated with a credential.
The NCCoE encourages you to read the guide and provide feedback. You can submit your comments on the submission page on the NIST and NCCoE Website