I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: Security considerations section is insufficient. Otherwise the document is in pretty good shape (with nits). This document is essentially a set of use cases guiding the energy management's (eman) working group's work, as well as providing a description of the relationship of the IETF's eman's framework to other relevant energy monitoring standards. Of particular interest, perhaps, is that eman is using SNMP to convey energy device information. The use cases are very clearly described, and we're grateful for the "essential properties" breakout summaries ("target devices," "how powered," and "reporting") at the bottom of each use case. All that said, I was extremely surprised to get to the "Security considerations" section and find that it consisted of but two generic sentences about SNMP. We are all aware of issues related to the sensitivity of the electric grid, and powered devices, to security vulnerabilities and that this is a time of heightened scrutiny of how the grid is secured. This necessarily extends to monitoring, and there is certainly a *lot* of information that may be gleaned by an attacker from monitoring power consumption, as well as manipulation of the grid by an attacker inserting bogus monitoring messages. There does not appear to have been any work done within the group on developing a threat model for energy monitoring, which strikes me as problematic. However, even in the absence of an interest in developing one, a quick summary of the sorts of attacks that must be considered in the development and deployment of energy monitoring mechanisms strikes me as far, far, far more useful than a one-sentence rundown of generic security mechanisms provided by SNMPv3. Minor comments: 1) This is more by way of guidance, but it should be noted that while the information model may be portable to YANG, netconf, and others, the security models and technologies used to secure those protocols may be (and are) different, and security properties need to be given serious consideration before moving the information model to another conveyance. 2) the I-D nit checker found a number of problems in the references, as well as a few other problems. https://tools.ietf.org/idnits?url=https://tools.ietf.org/id/draft-ietf-eman-applicability-statement-08.txt Trivial nits: 1) In section 1.2, the document name/reference should be separated from the document description by a colon and space 2) In that same section there's a stray period at the very bottom of page 4 3) Section 2, first paragraph: "This section a presents energy management scenarios [ ... ]". That 'a' (third word) needs to be removed. 4) For some reason the section header for section 2.8 does not appear bolded, while those for other subsections do. Melinda