Automation for Distributed Energy Resources Risk Manager Using OSCAL

Anuj Sanghvi, Paul Wand

Research output: NRELPresentation


The risk management framework (RMF) provides a well-organized and thorough approach to diagnose information technology (IT) system threats, to gather required materials to comply with industry standards, and to document a plan for achieving authority to operate (ATO). ATO is given by the operating authority with the awareness of vulnerabilities that arise when operating the IT system. The primary goal of the National Renewable Energy Laboratory’s (NREL’s) distributed energy resource (DER) RM application is to provide a user-friendly interface and in-depth guidance for generating the authorization package for the authorizing official to review. In other words, the application satisfies steps 1 through 7 of the RMF process with a focus on DERs.
Original languageAmerican English
Number of pages21
StatePublished - 2021

Publication series

NamePresented at the 2nd Open Security Controls Assessment Language (OSCAL) Workshop, 2-3 February 2021

NREL Publication Number

  • NREL/PR-5R00-78942


  • cybersecurity
  • DER-RM


Dive into the research topics of 'Automation for Distributed Energy Resources Risk Manager Using OSCAL'. Together they form a unique fingerprint.

Cite this