Applying the Risk Management Framework: The Distributed Energy Resource Risk Manager

Charisa Powell, Tami Reynolds, Anuj Sanghvi, MD Touhiduzzaman, Joshua Van Natta, Paul Wand

Research output: NRELTechnical Report


As part of a multiyear effort, the National Renewable Energy Laboratory (NREL) has dedicated resources to understand and identify cybersecurity weaknesses in distributed energy resources (DERs) by performing assessments. Due to a lack of standardization and rapidly increasing adoption of DERs, there is a critical need to address cybersecurity needs for DER systems in an interactive way. Furthermore, federal agencies, which are required to obtain an authority to operate, are challenged by the complexities of including their DERs. To help meet this need, in early 2020, NREL released the Distributed Energy Resources Cybersecurity Framework (DERCF) and accompanying Web application. This process is supported by the Risk Management Framework (RMF) developed by the National Institute of Standards and Technology. This project, referred to as the DERCF RMF application, expands on the existing DERCF work to include methods that support walking a user through the seven RMF steps. The tool will be available for download at no cost from [link ]. The purpose of this paper is to describe the steps the DERCF team at NREL took to understand Steps 1-5 of the RMF process. Additionally, this document will identify future work on the first five steps as well as a plan for Steps 6 and 7.
Original languageAmerican English
Number of pages14
StatePublished - 2022

NREL Publication Number

  • NREL/TP-5R00-78436


  • cybersecurity
  • distributed energy resource
  • Distributed Energy Resources Cybersecurity Framework
  • risk management framework


Dive into the research topics of 'Applying the Risk Management Framework: The Distributed Energy Resource Risk Manager'. Together they form a unique fingerprint.

Cite this