NAES recognizes that mere compliance with NERC CIP standards does not equate to Cyber Security. NAES continues to develop new Cyber Security services which will be posted on our site here in the coming weeks. If you do not see a service or product you desire, please reach out to us as we are constantly developing new partnerships, products and services that may meet your needs. The following services are available now.
Contact
Services Offered
NAES NERC Services can evaluate existing or proposed network architecture to optimize your Cyber Security posture.
Our NERC Cyber Security Experts will:
- Conduct pre-planning meetings to discuss the logistics, scope of work, and timing of deliverables
- Use existing offline tools to evaluate existing network configurations and ACLs to identify areas of vulnerability
- Advise on different structures on both the OT/IT network to optimize Cyber Security
- Evaluate necessary electronic access controls for identified BCSes due to the External Routable Connectivity and Dial-up accessible devices
- Create a network diagram of the plant using Microsoft Visio
- Present a final written report of findings and recommendations provided at the conclusion of the assessment
NAES NERC Services has developed an NERC CIP integrated approach to building Enterprise Cyber Security Policy. Enhance your cyber security posture for your organization by implementing an umbrella Cyber Security Policy (CSP) that fits your risk appetite.
Our NERC Cyber Security Experts will:
- Conduct pre-planning meetings to discuss your organizational risk tolerance, cyber security processes in place, and desired cyber security posture
- Develop a proposed CSP using our policy statement menu
- Footnote each policy statement to a NERC Standard Requirement and/or NIST reference
- Deliver a final Enterprise CSP after review and approval
Additional Information
Regular system patching is a best practice for security*. NAES recommends checking your system’s vendor sites monthly for product advisories for security vulnerabilities and patches. Here are some common sites:
National Vulnerability Database
Schweitzer Engineering Laboratories
Electricity Information Sharing and Analysis Center
Reliability Guideline: Cyber Intrusion Guide for System Operators
**Patching is not required by NERC CIP for Low Impact only Facilities.**