NERC CIP Compliance: Your Key to Secure, Reliable Electric Power
How much do you know about the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) standards v5? Learn more in this report. Read the full paper, "NERC CIP Compliance: Your Key to Secure, Reliable Electric Power."
What you don’t know could hurt. NERC is the nonprofit international authority charged with assuring the reliability of North American bulk power systems.
NERC’s CIP standards were created to protect the power grid in the United States, Canada and Mexico’s state of Baja California from cyberterrorism. That’s vital to all three nations’ security, public safety and economic growth.
Version 5 has been in place since April 2016, and adherence is proving to be a challenge. The CIP standards include nine rules that are both complex and mandatory, meaning they’re also relatively easy to violate.
For example, CIP-007, which covers system security management, can be violated by having insufficient password policy requirements, or by neglecting to change factory default settings for cyber assets.
Similarly, CIP-005, which requires electronic security perimeters, can be violated with the lack of a timely (90-day) review of access logs, or by creating procedures for documenting those perimeters that are deemed inadequate.
We Can Help
Compliance with all the latest NERC CIP standards requires deep knowledge and expertise in emerging technologies that can develop and help enforce a strong governance, risk management and compliance (GRC) program.
Unfortunately, many enterprises lack the staff with proper skill sets or time to implement the constant changes required by NERC CIP standards. This is where we can help.
Our NERC CIP resources include:
- Cybersecurity risk-assessment services
- Security governance programs and policies, as well as control-document development and review
- Training in security awareness
- Compliance log monitoring, log management, incident management, security device management, architecture and other management services
- Compliance-vulnerability scanning, identification and management services
- Tools integration, platform selection and implementation with data-driven governance programs
Do you need to ensure and update your NERC CIP compliance? Learn more about NERC CIP v5 standards:
- NERC’s responsibilities and the main areas covered by CIP
- Today’s most common CIP violations
- What’s behind the NERC CIP updates
- The many benefits of getting help with CIP compliance from industry experts
Read the full paper, "NERC CIP Compliance: Your Key to Secure, Reliable Electric Power."