NREL’s Distributed Energy Resource Cybersecurity Framework (DER-CF) provides support to users in the form of web tools, user forums, answering common questions, and technical assistance.
DER-CF Web Tool Resources
Learn more about how the DER-CF tool works from the following resources, including a user forum, training video tutorial, and frequently asked questions
Distributed Energy Resource Cybersecurity Framework Tutorial
This training guides attendees through the entire process of taking an assessment on the DER-CF platform, shows why taking assessments is important, and how to get and use the results.
Take the free Federal Energy Management Program tutorial.
Frequently Asked Questions
You can create an account here. All you need is a name, email, and password to create an account and get started.
The DERCF’s three foundational pillars arecyber governance, cyber-physical technical management, and physical security.
Each domain includes a purpose statement, which is a high-level summary of the domain’s intent, followed by introductory notes that give context and introduce its practices. Each pillar includes several subdomains that further categorize assessment questions, making it easier to identify the correct personnel to answer them.
No, you do not need a cybersecurity background to take an assessment. While having knowledge in this domain is helpful, many of the questions are often non-technical and more policy oriented.
Absolutely, the assessment is a tool for anyone planning to assess and improve their organization’s cybersecurity posture, whether they currently have renewable and distributed energy resources or plan to implement these types of resources. In fact, this is a great tool to understand how the three pillars work in junction together to establish an overall plan to address cybersecurity concerns.
Yes, starting with DER-CF v2.0, you can now take multiple assessments. This is beneficial to those that may have multiple facilities and/or configurations of distributed energy resources.
There are 499 questions, and you can expect each question to take around 1-2 minutes on average to answer. The total assessment could take up to 16 hours. Your progress is saved, so you do not need to complete an assessment in one continuous session, and you can work on it at your own pace.
Yes, you can make updates to your assessment which will then update your score. In fact, making updates as you address the various three pillars can help you to track your progress as you work towards improving your cybersecurity posture.
Yes, you can skip questions you do not know and then return to answer them.
You should select ‘None’.
The Distributed Energy Resources Cybersecurity Framework (DERCF) builds on the Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2), which was developed by the U.S. Department of Energy (DOE 2014) in collaboration with the U.S. Department of Homeland Security. Specifically, the DERCF adopts controls from the ES-C2M2’s governance-oriented document and creates two additional domains mirroring the ES-C2M2 language.
Yes, all information on DER-CF is protected and confidential.
For one-on-one support, please fill out our technical assistance form
To report an issue with the DER-CF tool, or if you have specific questions about your organization’s assessment, contact DERCF@nrel.gov.