"The proposed regulations would require utilities to maintain cybersecurity programs aligned with widely recognized national cybersecurity frameworks, including the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). The proposal also establishes updated requirements for cybersecurity evaluations, incident reporting, and annual certifications designed to help ensure utilities maintain appropriate cybersecurity practices based on the size and complexity of their operations."
Fortunately for utilities, DHS CISA provides guidance to help entities implement cybersecurity best practices aligned with NIST CSF, by following CyberSecurity Performance Goals (CPG) version 2.0; https://www.cisa.gov/cybersecurity-performance-goals-2-0-cpg-2-0