The NERC Critical Infrastructure Protection (CIP) program coordinates all of NERC’s efforts in improving and advancing numerous physical and cybersecurity initiatives for the bulk power system of North America as it relates to reliability, along with other important measures, such as safety and security. As for the actual NERC CIP standards, they consist of the following:
- CIP 001 Sabotage Reporting
- CIP 002 Critical Cyber Asset Identification
- CIP 003 Security Management Controls
- CIP 004 Personnel & Training
- CIP 005 Electronic Security Perimeter(s)
- CIP 006 Physical Security of Critical Cyber Assets
- CIP 007 Systems Security Management
- CIP 008 Incident Reporting and Response Planning
- CIP 009 Recovery Plans for Critical Cyber Assets
- CIP 010 Configuration Change Management and Vulnerability Assessments
- CIP 011 Information Protection
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet containing over 2,850 + pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
NERC Critical Infrastructure Protection (CIP) | Changes in the Works
In December 2010, NERC approved an enhancement to its Critical Cyber Asset Identification standard (CIP-002 version 4) that establishes bright-line criteria for the identification of critical assets. This enhanced standard was filed with the Federal Energy Regulatory Commission (FERC) in February 2011, and FERC approved the standard on April 19, 2012. The implementation of the CIP standards under the bright-line approach is currently underway.
Additionally, fast on its way is version 5, which is told to bring sweeping changes to the NERC CIP program, one that resembles the compliance mandates “look” and “feel” of the well-known Payment Card Industry Data Security Standards (PCI DSS) compliance, according to James Holler, principle at Abidance Consulting, who along with hundreds of others is a member of the Standard Drafting Team (SDT) which worked for the better part of a year drafting NERC CIP v5 using the NIST 800 standards as a baseline.
Security Policies are Critical for NERC CIP Compliance
When looking at the NERC CIP program, it becomes quite clear that a large number of well-written and comprehensive information security policies and procedures are required. After all, policies and procedures establish formalized practices for many critical areas within an organization, something that the NERC CIP program strongly adheres to. From Incident reporting to configuration change management – and many other areas within the NERCI CIP program, information security policies and procedures are critical.
Your solution is the Global Information Security Compliance Packet (GISCP) set of industry leading operational, business specific, and information security policies, procedures, forms, checklists, templates – and more – from Flat Iron Technologies, LLC. With hundreds of documents included, it’s arguably some of the finest security material found anywhere.