Guide to the Distributed Energy Resource Risk Management Framework

Dana-Marie Thomas, Anuj Sanghvi, MD Touhiduzzaman, Paul Wand, Tami Reynolds

Research output: NRELTechnical Report


The emergence of distributed energy resources (DERs) has transformed the electric power sector and will likely have even more profound impacts on the future evolution of the United States energy sector as it modernizes and becomes more reliant upon complex informatics programming and systems to ensure that our power grid remains safe from malicious interference. To mitigate risks associated with the increased and diversified use of DERs, the Distributed Energy Resource Cybersecurity Framework (DER-CF) was developed in 2019. The National Renewable Energy Laboratory extended the scope of the DER-CF to include the RMF. To address the challenges faced by federal energy managers and energy system stakeholders in applying the RMF to DER systems, the Distributed Energy Resource Risk Manager (DER-RM) is a six-step process to proactively manage cybersecurity risk in a methodical manner. The DER-RM is independent of the DER-CF's existing assessment, allowing users to focus specifically on the RMF steps. The tools are targeted to different processes - DER-CF enables organizations to perform self-assessments to improve their cybersecurity posture, while DER-RM assists organizations in achieving compliance with specific requirements. This document provides an overview of the DER-RM. The RMF process outlined in this report serves as a guide to diagnose information and operational system threats, gather required materials to comply with industry standards, and document plans for achieving Authority to Operate. Using the DER-RM, federal agencies and other organizations can easily and intuitively follow the RMF process, manage the risks to their grid-edge infrastructure through the integration of their on-site DERs, and comply with appropriate requirements.
Original languageAmerican English
Number of pages27
StatePublished - 2022

NREL Publication Number

  • NREL/TP-5R00-81715


  • cybersecurity
  • DER
  • DER-CF
  • DER-RM
  • distributed energy resources
  • Federal Energy Management Program
  • FEMP


Dive into the research topics of 'Guide to the Distributed Energy Resource Risk Management Framework'. Together they form a unique fingerprint.

Cite this