NERC-CIP Information Security Solutions
About the Mandatory Reliability Standards for Critical Infrastructure Protection (CIP)
The Federal Energy Regulatory Commission (FERC) has approved eight mandatory cyber-security standards that extend to all entities connected to the nation’s power grid. The standards were originally developed in 2006 by the North American Electric Reliability Corp (NERC) and periodically updated as the Critical Infrastructure Protection (CIP) Standard.
The mandatory reliability standards require certain users, owners and operators of the bulk power system to establish policies, plans and procedures to safeguard physical and electronic access to control systems, to train personnel on security matters, to report security incidents, and to be prepared to recover from a cyber incident. Written information security policies and quarterly employee security awareness are both required elements of the standard.
Information Security Policy Solutions
Section R1 (Security Policy Controls) of CIP-003-1 requires the development and implementation of a written security policy that addresses all of the security requirements of the entire cyber-security standard. Requirement R3 provides that a responsible entity must document exceptions to its policy, with senior management approval.
Information Security Policies Made Easy provides everything an organization needs to build and maintain a complete set of written information security policies. It includes a comprehensive library of over 1600 pre-written information security policies and expert commentary covering each of the security areas of the NERC-CIP security standard.
Policy topics include:
Critical Cyber Asset Identification; Security Management Controls; Personnel and Training; Electronic Security Perimeters; Physical Security of Critical Cyber Assets; Systems Security Management; Incident Reporting and Response Planning; and Recovery Plans for Critical Cyber Assets.
Automate your NERC-CIP Security Program
Use ComplianceShield to help automate every aspect of NERC-CIP compliance. Develop and distribute security policies, define and document a control framework, educate and train employees, and prepare and manage key evidence, all in a single secure platform. IT security compliance does not have to be difficult and expensive.
Ongoing Security Awareness Training
Section R1 of the Personnel and Training (CIP-004-1) requirements specifies that organizations must provide regular, ongoing security awareness education on at least a quarterly basis. ComplianceShield includes built-in security awareness training that can be targeted to employees and contractors.