NERC Critical Infrastructure Protection

What is NERC-CIP?

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) plan is a set of cybersecurity standards developed to protect the reliability of the North American bulk power system. It is part of the broader NERC Reliability Standards. In 2007, under the authority of the Federal Energy Regulatory Commission (FERC), compliance with NERC Reliability Standards became a legal requirement for bulk power system owners and operators.

Who is the intended audience?

NERC CIP was developed for bulk power system owners and operators in the United States, Canada, and parts of Mexico.

Where can I find more information?

The following resources can be found on the North American Electric Reliability Corporation website:

How can runZero help me with these controls?

The following illustrates how runZero aligns with each of the approved standards of NERC-CIP. Where Strong alignment is noted, runZero can play a significant role in helping an organization implement safeguards. Where Partial alignment is noted, runZero can play a complementary role in helping an organization implement safeguards.

Standard	Title	Partial alignment
CIP-002-5.1a	BES Cyber System Categorization	✔
CIP-003-8	Security Management Controls
CIP-004-6	Personnel & Training
CIP-005-7	Eletronic Security Perimeter(s)	✔
CIP-006-6	Physical Security of BES Cyber Systems
CIP-007-6	System Security Management	✔
CIP-008-6	Incident Reporting and Response Planning
CIP-009-6	Recovery Plans for BES Cyber Systems
CIP-010-4	Configuration Change Management and Vulnerability Assessments	✔
CIP-011-2	Information Protection
CIP-012-1	Communication between Control Centers	✔

Note: This table only includes standards with a status of Mandatory Subject to Enforcement.

Updated May 15, 2023

Previous: Cybersecurity Maturity Model Certification (CMMC) Next: NIST Cybersecurity Framework (CSF)