NERC CIP Standards

Critical Infrastructure Protection (CIP) involves protection of vital physical and cyber assets in order to preserve the physical and economic security of the electrical grid. NAES facilitates compliance with CIP-002 through CIP-011 for Low, Medium, and High Impact facilities and cyber systems. Protection of Bulk Electric System critical assets ranks among our highest priorities at NAES. We help you ensure compliance with NERC CIP Standards in all six NERC Reliability Regions, providing complete oversight of your CIP compliance program as well as consulting services, training, and audit preparation.

October is Cyber Security Awareness Month!

National Cyber Security Awareness month (NCSAM) is held every October as a collaboration between the US government and industries. The purpose of this month long event is to raise awareness of cybersecurity and provide resources which can be used to help entities and people be safer online.

Read More

More Coming Soon

Supply Chain Management

NAES NERC Services has already developed a Supply Chain Risk Management Program for its Medium and High Impact clientele. Although CIP-013 does not become measurable until 7/1/2020, NAES has already developed a Supply Chain Risk Management Program (SCRMP) document for our Medium and High Impact clientele. We felt that developing a program document that can be customized and altered to meet additional pending NERC guidance was prudent. We have been following the five subcommittees charged with developing white papers for NERC’s consideration regarding elements of the Supply Chain Risk Management. Through working with our clientele, we have created and continue to fine tune a program that is repeatable, flexible, and meets the tenets of the standard requirements as it pertains to assessing supply chain risks.

More Coming Soon

Supply Chain Management

NAES NERC Services has already developed a Supply Chain Risk Management Program for its Medium and High Impact clientele. Although CIP-013 does not become measurable until 7/1/2020, NAES has already developed a Supply Chain Risk Management Program (SCRMP) document for our Medium and High Impact clientele. We felt that developing a program document that can be customized and altered to meet additional pending NERC guidance was prudent. We have been following the five subcommittees charged with developing white papers for NERC’s consideration regarding elements of the Supply Chain Risk Management. Through working with our clientele, we have created and continue to fine tune a program that is repeatable, flexible, and meets the tenets of the standard requirements as it pertains to assessing supply chain risks.

More Coming Soon

Training

An essential element of all good NERC CIP programs is training. NAES NERC Services has developed a CIP 101 training program, covering CIP & Cyber Security for operators with any level of experience. In addition, NAES offers annual Operator Training that traverses both Ops and Planning and CIP requirements to ensure that your Operators have the tools they need to appropriately respond to events as they arise.

More Coming Soon

Training

An essential element of all good NERC CIP programs is training. NAES NERC Services has developed a CIP 101 training program, covering CIP & Cyber Security for operators with any level of experience. In addition, NAES offers annual Operator Training that traverses both Ops and Planning and CIP requirements to ensure that your Operators have the tools they need to appropriately respond to events as they arise.

Electronic Access Controls Evaluation

Requirements Becomes Measurable on January 1, 2020

The NAES NERC Team can assist power plant owners and operators in evaluating electronic access points at their facilities in order to show compliance with NERC standard  CIP-003-7.  Our NERC cyber security experts utilize the Network Security Management Software, NPView, to conduct the evaluation. NPView is the same tool used by all the NERC Regional Entities to evaluate system configurations and firewall rules during NERC audits. This service offering ensures that your facility will be made aware of potential security risks associated with your existing system configuration. NAES can assist you with addressing any identified issues prior to the effective date of January 1, 2020.

The NERC Cyber Security Experts will:

  • Evaluate firewall rules – including the level of risk associated with each rule
  • Populate an Access Control List
  • Develop a high level Network Topology Drawing, provided in Visio
  •  Conduct a Configuration Analysis of BCS connectivity to determine if the BCS is appropriately protected
  • Train all employees on controls and requirements

Optional Add-Ons:

  • Additional Firewall Evaluations
  • Inventory & Development of a BES Cyber Asset List

 

For more information, contact our team.

Contact Our Team Today