On Friday, September 12, 2014, the U.S. Department of Energy released a draft for public comment of its Energy Sector Cybersecurity Framework Implementation Guidance, which is designed to “help energy sector stakeholders develop or align existing cybersecurity risk management programs to meet the objectives of the [National Institute of Standards and Technology (NIST)] Cybersecurity Framework.” Comments may be submitted until October 14, 2014.

The draft Energy Sector Framework follows from NIST’s release of its Framework for Improving Critical Infrastructure Cybersecurity (Version 1.0) in February of 2014, which was drafted and released pursuant to Executive Order 13636 “Improving Critical Infrastructure Cybersecurity,” issued by President Obama in February of 2013. The NIST Framework sets forth guidelines for organizations handling critical infrastructure (which includes the energy sector) in managing cybersecurity through risk-based application of principles and best practices, and focuses on ”using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.”

The Department of Energy’s announcement (which contains links to the draft Guidance and a Comment Submission Form) may be found here.