The North American set of information security standards for the electricity generation / distribution industry is CIP 02-09 . In addition NERC has in draft two additional audit objectives called CIP -010 BES Cyber System Categorization and CIP 011 BES Cyber System Protection. The sponsors for NERC CIP are the US Federal Department of Energy, Homeland Security and Public Safety and Emergency Preparedness Canada.
The NERC CIP 01-011 audit objectives are described as follows:
- CIP 001-1 Sabotage Detection
- CIP 002-1 Critical Cyber Asset Identification
- CIP 003-1 Security Management Controls
- CIP 004-1 Personnel and Training
- CIP 005-1 Electronic Security Perimeter(s)
- CIP 006-1 Physical Security of Critical Cyber Assets
- CIP 007-1 Systems Security Management
- CIP 008-1 Incident Reporting and Response Planning
- CIP 009-1 Recovery Plans for Critical Cyber Assets
- CIP 010-1 BES Cyber System Categorization ( in draft)
- CIP 011 1 BES Cyber System Protection (in draft)
ERE NERC CIPS compliance audits identify security risks and non compliance issues and precise mitigation steps. We set clients expectations clearly up front by providing an audit plan for NERC CIPS compliance. At the back end of our process we provide extensive knowledge transfer including NERC CIP training. We create an audit plan for NERC CIP tailored to each client's specific needs and provide NERC CIP training.
Our NERC CIPS compliance audits also address new technologies such as Advanced Metering Infrastructure or AMI, which are often piggybacked onto networks that currently support SCADA traffic. Manufacturers of smart meters which are the backbone of AMI may claim their smart meter technology is completely secure. However ERE NERC CIP audits identify vulnerabilities that fall between the cracks, in order to verify that SCADA networks are secure.
7x24 NERC CIP Compliance Audits
Our 7x24 NERC CIP audits dramatically reduce time and cost to comply with NERC CIP 01-011 and the previous standard NERC CIP 02-09. Our clients tell us our service is unique / boutique and feature rich.
Please see more about our 7 / 24 security and privacy compliance monitoring service.
Contact Us Right Up Front
Let us assist you to budget for your next audit. May we send you a NERC audit checklist or a NERC audit template? Contact us and we'll help you scope the right sized audit for your organization.