Smart Grid technologies will introduce millions of new intelligent components to the electric grid that communicate in much more advanced ways (e.g., two-way communications, and wired and wireless communications) than in the past. This report is for individuals and organizations who will be addressing cyber security for Smart Grid systems. The privacy recommendations, the security requirements, and the supporting analyses that are included in this report may be used by strategists, designers, implementers, and operators of the Smart Grid, e.g., utilities, equipment manufacturers, regulators, as input to their risk assessment process and other tasks in the security lifecycle of a Smart Grid information system. This report focuses on specifying an analytical framework that may be useful to an organization. It is a baseline, and each organization must develop its own cyber security strategy for the Smart Grid. The information in this report serves as guidance to various organizations for assessing risk and selecting appropriate security requirements and privacy recommendations.