ENERGY CYBERSECURITY RISK ASSESSMENT CHECKLIST TEMPLATE
Created by ChecklistGuro (https://checklistguro.com)

--- ASSET IDENTIFICATION & INVENTORY ---
[ ] Asset Name
[ ] Asset ID
[ ] Asset Description
[ ] Asset Type (e.g., Turbine, Substation, Solar Panel) (Turbine, Substation, Solar Panel, Wind Turbine, Generator, Transformer)
[ ] Date of Last Inventory Update
[ ] Asset Location (GPS Coordinates)
[ ] Asset Documentation (Manuals, Schematics)

--- NETWORK SECURITY ---
[ ] Firewall Rule Count
[ ] Firewall Vendor (Cisco, Palo Alto, Fortinet, Check Point, Other)
[ ] Network Segmentation Zones (OT Network, IT Network, DMZ, Guest Network)
[ ] Last Firewall Rule Review Date
[ ] Description of Network Segmentation Strategy
[ ] Intrusion Detection System (IDS) Status (Active, Inactive, Needs Review)
[ ] Number of VPN Connections

--- ENDPOINT SECURITY ---
[ ] Last Vulnerability Scan Score
[ ] Last Patching Date
[ ] Antivirus Software (Enabled, Disabled, Not Installed)
[ ] Software Updates Enabled? (Automatic, Manual, Disabled)
[ ] Latest Endpoint Security Report
[ ] Firewall Status (Enabled, Disabled)
[ ] Number of Active EDR Agents

--- DATA SECURITY & PRIVACY ---
[ ] Data Encryption Status (Fully Encrypted, Partially Encrypted, Not Encrypted)
[ ] Number of Data Breaches (Last Year)
[ ] Data Privacy Regulations Compliance (GDPR, CCPA, NERC CIP, Other)
[ ] Data Classification Policy Description
[ ] Access Control Review Frequency (Monthly, Quarterly, Annually)
[ ] Last Data Privacy Impact Assessment Date

--- IDENTITY & ACCESS MANAGEMENT (IAM) ---
[ ] Authentication Method Used (Password, Multi-Factor Authentication (MFA), Biometrics, Certificate-Based Authentication)
[ ] Number of Active User Accounts
[ ] Privileged Access Management (PAM) Implementation (Implemented, Partially Implemented, Not Implemented)
[ ] Last Password Policy Review Date
[ ] Account Access Review Frequency (Monthly, Quarterly, Annually, Ad Hoc)
[ ] Description of Role-Based Access Control (RBAC) Model
[ ] Typical Time for User Account Provisioning
[ ] Account Lockout Policy Enforced? (Yes, No)

--- SUPPLY CHAIN RISK MANAGEMENT ---
[ ] Vendor Tier Level (Tier 1 (Critical), Tier 2 (Important), Tier 3 (Supporting))
[ ] Vendor Risk Score (1-10)
[ ] Vendor Cybersecurity Assessment Completed? (Yes, No, Pending)
[ ] Last Cybersecurity Assessment Date
[ ] Summary of Vendor Cybersecurity Assessment Findings
[ ] Vendor Cybersecurity Assessment Report
[ ] Key Services Provided by Vendor (Software Development, Data Storage, Network Services, Physical Security)
[ ] Remediation Plan for Identified Risks (if any)

--- INCIDENT RESPONSE & RECOVERY ---
[ ] Date of Incident
[ ] Time of Incident
[ ] Detailed Description of Incident
[ ] Incident Severity Level (Low, Medium, High, Critical)
[ ] Systems Affected (SCADA, Historian, Network Infrastructure, Workstations, Cloud Services)
[ ] Containment Actions Taken
[ ] Eradication Actions Taken
[ ] Recovery Actions Taken
[ ] Estimated Downtime (hours)
[ ] Incident Responder Signature

--- SECURITY AWARENESS & TRAINING ---
[ ] Number of Employees Trained (Last Year)
[ ] Training Delivery Method (Select all that apply) (Online Modules, Classroom Sessions, Phishing Simulations, Tabletop Exercises)
[ ] Date of Last Cybersecurity Awareness Training
[ ] Summary of Key Training Topics Covered
[ ] Frequency of Refresher Training (Choose one) (Annually, Bi-Annually, Quarterly)
[ ] Training Content Topics (Select all that apply) (Phishing Awareness, Password Security, Malware Prevention, Data Privacy, Social Engineering)

--- REGULATORY COMPLIANCE ---
[ ] Applicable Regulations (Select all that apply) (NERC CIP, FERC Regulations, State-Specific Energy Regulations, GDPR (if applicable), Other (Specify in Long Text))
[ ] Specify 'Other' Regulations (if selected)
[ ] Last Compliance Audit Date
[ ] Audit Score (if applicable)
[ ] Upload Compliance Documentation
[ ] Compliance Status (Compliant, Non-Compliant, Partial Compliance)
[ ] Details of Non-Compliance (if applicable)

--- PHYSICAL SECURITY ---
[ ] Location of Main Control Room
[ ] Number of Security Cameras (Active)
[ ] Type of Perimeter Fencing (Chain-link, Welded Mesh, Concrete Wall, None)
[ ] Date of Last Perimeter Fence Inspection
[ ] Access Control Methods Employed (Keycards, Biometrics, PIN Codes, Guards)
[ ] Description of Visitor Management Process
[ ] Security Personnel Signature (Confirmation of Physical Security Check)

--- END OF TEMPLATE ---