NERC Critical Infrastructure Protection
What is NERC-CIP?
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) plan is a set of cybersecurity standards developed to protect the reliability of the North American bulk power system. It is part of the broader NERC Reliability Standards. In 2007, under the authority of the Federal Energy Regulatory Commission (FERC), compliance with NERC Reliability Standards became a legal requirement for bulk power system owners and operators.
Who is the intended audience?
NERC-CIP was developed for bulk power system owners and operators in the United States, Canada, and parts of Mexico.
Where can I find more information?
The following resources can be found on the North American Electric Reliability Corporation website:
- Reliability Standards for the Bulk Electric Systems of North America (.pdf)
- Reliability Standards One-Stop-Shop (.xlsx)
- Reliability Standards Implementation Guidance
How can runZero help me with these controls?
The following illustrates how runZero aligns with each of the approved standards of NERC-CIP. Where Strong alignment is noted, runZero can play a significant role in helping an organization implement safeguards. Where Partial alignment is noted, runZero can play a complementary role in helping an organization implement safeguards.
|Standard||Title||Strong alignment||Partial alignment|
|CIP-002-5.1a||BES Cyber System Categorization||✔|
|CIP-003-8||Security Management Controls|
|CIP-004-6||Personnel & Training|
|CIP-005-7||Electronic Security Perimeter(s)||✔|
|CIP-006-6||Physical Security of BES Cyber Systems|
|CIP-007-6||System Security Management||✔|
|CIP-008-6||Incident Reporting and Response Planning|
|CIP-009-6||Recovery Plans for BES Cyber Systems|
|CIP-010-4||Configuration Change Management and Vulnerability Assessments||✔|
|CIP-012-1||Communication between Control Centers||✔|
Note: This table only includes standards with a status of Mandatory Subject to Enforcement.