Critical Infrastructure Protection

NERC CIP Standards

We facilitate compliance for CIP Version 5 for low, medium, or high facilities and cyber systems. Protection of Bulk Electric System critical assets ranks among our highest priorities at NAES. We ensure compliance with NERC CIP Standards in all seven NERC Reliability Regions, providing complete oversight of your CIP compliance program as well as consulting services, training and audit preparation.

Electronic Access Controls Evaluation

Requirements Becomes Measurable on January 1, 2020

The NAES NERC Team can assist power plant owners and operators in evaluating electronic access points at their facilities in order to show compliance with NERC standard  CIP-003-7.  Our NERC cyber security experts utilize the Network Security Management Software, NPView, to conduct the evaluation. NPView is the same tool used by all the NERC Regional Entities to evaluate system configurations and firewall rules during NERC audits. This service offering ensures that your facility will be made aware of potential security risks associated with your existing system configuration. NAES can assist you with addressing any identified issues prior to the effective date of January 1, 2020.

The NERC Cyber Security Experts will:

  • Evaluate firewall rules – including the level of risk associated with each rule
  • Populate an Access Control List
  • Develop a high level Network Topology Drawing, provided in Visio
  •  Conduct a Configuration Analysis of BCS connectivity to determine if the BCS is appropriately protected
  • Train all employees on controls and requirements

Optional Add-Ons:

  • Additional Firewall Evaluations
  • Inventory & Development of a BES Cyber Asset List

 

For more information, contact our team.

NERC CIP Compliance Services Offered

NAES NERC CIP Compliance Services IconCustomized Compliance Programs – full CIP program development for High, Medium, and Low Impact BES Cyber System (BCS) owners

Complete CIP Documentation Library – Over 50 CIP policy, procedure, and form templates required for compliance

Low Impact Facility Program Implementation or Review (Plant walk-down, network mapping, firewall rule review, Cyber Asset list creation, identification of LERC & LEAPs)

High and Medium Impact Facility CIP Program Support – non-intrusive review of your BCS vulnerabilities and recommendations to bolster security

Cyber Security Incident Response Plan Exercise – Assist with exercise, documentation of evidence of compliance, and lessons learned guidance

Network Design or assessment of network separation and security

Gap Analysis – Review of existing evidence of CIP compliance documentation

CIP Audit Support – Inherent Risk Assessment prep, RSAW review and development, interactive mock audits

SME Training – Program development training and tailored CIP Standards materials

Self-Report and Mitigation Plan Development

CIP Compliance Advisories – Monitoring of new CIP Standard development. Consulting on regional trends and discussions about pending changes to requirements

Let's Get in Touch