ERE Information Security Auditors

NERC CIP Compliance Audit

The North American set of information security standards for the electricity generation / distribution industry is CIP 02-09. In addition, NERC has in draft two additional audit objectives called CIP 010 BES Cyber System Categorization and CIP 011 BES Cyber System Protection. The sponsors for NERC CIP are the US Federal Department of Energy, Homeland Security and Public Safety and Emergency Preparedness Canada.

The NERC CIP 01-011 audit objectives are described as follows:

  • CIP 001-1 Sabotage Detection
  • CIP 002-1 Critical Cyber Asset Identification
  • CIP 003-1 Security Management Controls
  • CIP 004-1 Personnel and Training
  • CIP 005-1 Electronic Security Perimeter(s)
  • CIP 006-1 Physical Security of Critical Cyber Assets
  • CIP 007-1 Systems Security Management
  • CIP 008-1 Incident Reporting and Response Planning
  • CIP 009-1 Recovery Plans for Critical Cyber Assets
  • CIP 010-1 BES Cyber System Categorization (in draft)
  • CIP 011-1 BES Cyber System Protection (in draft)

ERE NERC CIPS compliance audits identify security risks and non-compliance issues, along with precise mitigation steps. We set clients' expectations clearly up front by providing an audit plan for NERC CIPS compliance. At the back end of our process we provide extensive knowledge transfer, including NERC CIP training. We create an audit plan for NERC CIP tailored to each client's specific needs and provide NERC CIP training.

Our NERC CIPS compliance audits also address new technologies such as Advanced Metering Infrastructure (AMI), which are often piggybacked onto networks that currently support SCADA traffic. Manufacturers of smart meters, which are the backbone of AMI, may claim their smart meter technology is completely secure. However, ERE NERC CIP audits identify vulnerabilities that fall between the cracks, in order to verify that SCADA networks are secure.


7x24 NERC CIP Compliance Audits

Our 7x24 NERC CIP audits dramatically reduce the time and cost to comply with NERC CIP 01-011 and the previous standard NERC CIP 02-09. Our clients tell us our service is unique / boutique and feature-rich. Please see more about our 7x24 security and privacy compliance monitoring service.

Contact Us Right Up Front

Let us help you budget for your next audit. May we send you a NERC audit checklist or a NERC audit template? Contact us and we'll help you scope the right-sized audit for your organization.


Contact Us

905 764 3246

  Budgetary Price Quote
  10 minute scope definition call
  ROI Calculation for your next Audit 
  Sanitized Statement of Work
  Sanitized Audit Report
  Product Literature  
  White Papers and Published Articles
  Please see Ron Lepofsky’s book, The Manager’s Guide to Web Application Security, published by Apress Media

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

Copyrights © 2007-2008. All rights reserved.  
