APPA is issuing a Request for Proposals (RFP) to conduct a review of cybersecurity frameworks and assessments used by the public power community, based on survey data gathered from public power utilities and with input from a working group of public power cybersecurity subject matter experts.

Under Subtask 2.1 of the project plan for APPA’s Cyber Pathways cooperative agreement with the Department of Energy, APPA will conduct a review of available baselining and assessment tools to determine their suitability for various types and sizes of public power utilities, given the range of sizes and resources within the public power community. The review will evaluate whether the assessments can be reasonably completed by resource-limited utilities and whether they provide sufficient information to generate a useful baseline of the community.

1. The scope of work references a survey.

• Has a survey already been completed?

The survey has not yet been issued. It is expected to be issued closer in time to the selection of a final contractor.

• If not, do we need to generate survey questions or will that be done by APPA?

APPA has already developed draft questions but input will be accepted from the selected firm.

2. Is there an upper limit on the number of cybersecurity standards to be assessed? The RFP lists 6 already.

There is no fixed limit as the survey will include a free answer box for utilities not using one of the six listed standards, but the focus will be on reviewing standards that already have a wide use within the public power community as the objective is to select a standard that many utilities are already familiar with and may already have in use.