An organization typically starts by using the framework to develop a “Current Profile” which describes its cybersecurity activities and what outcomes it is achieving. It can then develop a “Target Profile”, or adopt a baseline profile tailored to its sector (e.g. infrastructure industry) or type of organization. It can then define steps switch from its current profile to its target profile.

Educational Institution Connections:

Protect Our Power is seeking an Educational Institution to develop information within this Topic for use by North American Electric Utilities. Contact Erick Ford at for more information or to recommend an Educational Institution.