NAES NERC Services is a leader in NERC Standard Programs and NERC Standard Program implementation. NAES is also a leading third-party operator of power plants, with approximately 160 plants currently operated across the U.S., Canada, and Mexico. NAES is registered as the GO and/or GOP for approximately 40 facilities across all 7 regions, as such, NAES understands the critical importance of NERC compliance and our NERC Services team provides expertise for NAES-operated plants and other registered entities. 


NAES Corporation Michiko Sell Photo

Michiko Sell

Sr. NERC CIP Specialist

Contact Michiko

Services Offered

Our Cyber Security Experts will:

  • Prepare your Inherent Risk Assessment
  • Perform your Internal Controls Evaluation
  • Conduct interactive mock audits that include data requests, sampling, and interviews that replicate a regional audit
  • Develop RSAWs that include embedded links to supporting evidence of compliance
  • Provide ongoing support throughout the entire audit process

Monthly NERC CIP Advisory service to assist with notifications of both NERC and the regional entities’ changes that are pertinent to your organization. This service is the same as provided to the NAES operated fleet and is customizable to your organization's needs.

Our Cyber Security Experts will:

  • Monitor NERC and Regional Organization Standards for new or revised CIP requirements and provide notification of significant applicable changes
  • Provide new policy and procedure documentation to meet new NERC CIP Standards for the duration of the contract
  • Coordinate and host a monthly conference call to discuss proposed NERC CIP changes and their potential impact, followed by a monthly summary

NAES has developed over 50 CIP policy, procedure, and form templates required for the demonstration of compliance. Our library is fully customizable for High, Medium, and Low Impact BES Cyber System (BCS) owners and now includes a Supply Chain Risk Management program.

NAES can assist your organization with the test or exercise of your CSIRP. Choose from a variety of scenarios or let us customize one for your that is reflective of your existing BCS environment. Documentation of evidence of compliance, updates to program documents and lessons learned guidance are delivered upon the completion of each exercise.

Customized Compliance Programs – full CIP program development for High, Medium, and Low Impact BES Cyber System (BCS) owners

Low Impact Facility Program Implementation or Review (Plant walk-down, network mapping, firewall rule review, Cyber Asset list creation, identification of ERC & EAPs)

High and Medium Impact Facility CIP Program Support - non-intrusive review of your BCS vulnerabilities and recommendations to bolster security

Network Design or assessment of network separation and security

Gap Analysis – Review of existing evidence of CIP compliance documentation

SME Training – Program development training and tailored CIP Standards materials

Self-Reporting and Mitigation Plan Development