
Power/Utility Industry Standards/Groups #152

@ftuffner


Reached out to some cybersecurity experts asking if there were any Standards or Groups that deal with "software trust", namely to see if there was any template or framework that could make utility adoption easier. No solid answer came out, but some potential points:

  • NERC CIP was mentioned, but really only for documenting and justifying network access. Nothing specific on a software process.
  • IEEE PES Power System Communication and Cybersecurity Committee is working on a standard for documenting configurations, but not best practices or the overall software.
  • Possible NIST or CISA ties as a Software Bill of Materials, but I couldn't find any solid references there.
  • IEC 62443 may have something, but it is hidden in 700+ pages of other stuff.
  • ISO 26514 has some "Systems and Software" development standards that may be applicable.
  • ISO/IEC 5230:2020 is apparently a standard to "provide a benchmark that builds trust between organizations exchanging software solutions comprised of open source software".

The two ISO/IEC standards might have some -- I haven't had a chance to dig into them further.

Labels: documentation (Improvements or additions to documentation)
