Best Practices for Completing the Annual Security Compliance Certification (ASCC). The ASCC is an annual requirement due December 31 each year. A webinar was conducted on November 4, 2020, to help clarify the requirements of the ASCC, and a new template was reviewed. A link to the webinar is provided above this section. At a minimum, the ASCC must be submitted (new or old format; new format strongly recommended) with applicable FERC Physical Security Checklist(s) and a completed Cyber Asset Designation Worksheet. Below are links to facilitate the completion of the ASCC:

Guide on Best Practices for Controlling Security Sensitive Material. The guide is a starting point for information security planning and proposes a range of Security Sensitive Material protection strategies with examples of how to identify and manage sensitive information. The guide is not prescriptive and is not intended to substitute as policy or set any minimum standard for compliance.

Available Resources for sUAS/Drone Threat. The use of Small Unmanned Aircraft Systems (sUAS), or drones, has been an increasing concern to the critical energy infrastructure community. While sUAS/drones may be used to conduct day-to-day business operations and for recreation, misuse of these aircraft can pose significant challenges to America’s critical infrastructure. These threats include:

  • Weaponizing or Smuggling Payloads
  • Prohibited Surveillance and Reconnaissance
  • Intellectual Property theft
  • Intentional Disruption or Harassment

To help critical infrastructure owners and operators address these concerns, we have provided several links for your reference.

Security Assessment Template for Group 2 Dams - A template for the Security Assessment of Group 2 dams has been prepared through a joint effort between a volunteer licensee group and FERC staff. The template consists of three parts: (1) a Microsoft Word file formatting the assessment methodology, assessment findings, recommendations and conclusions in sufficient detail to satisfy the Security Program requirements; (2) the FERC Hydro Security Inspection Form, to be filled out by the licensee (included in the MS Word base report form); and (3) a Microsoft Excel spreadsheet used to evaluate all the security components applicable to all critical assets identified at the site. An analysis of foot, land, and water avenues of approach is included in the spreadsheet. Use of this template is not a requirement; it is provided for licensee consideration on a voluntary basis.

Sample Security Plan - A sample of a Security Plan was requested from several FERC licensees. The following (redacted) document has been created by a volunteer licensee group to fulfill that purpose. Use of this format is not a requirement; it is provided for licensee consideration on a voluntary basis only. Other Security Plan formats and content will be considered by the FERC.

Security Letters - The following letters were issued by FERC regarding security concerns at hydropower dams after September 11, 2001.

Dam Assessment Matrix for Security and Vulnerability Risk (DAMSVR) - DAMSVR is a vulnerability assessment methodology for dams developed by FERC, USBR, USACE, ASDSO, and Foos Associates LLC (now Security Management Solutions).

