Compliance Guide: The NERC CIP Standards

The NERC CIP requirements were designed to ensure the security of North American bulk electric systems (BES) and consist of 12 standards covering security management controls, personnel and training, system security management, electronic security perimeters, disaster recovery planning, and configuration change management. These requirements are constantly evolving, and some of the most recent updates include new language around the security of transient assets, supply chain risk, and removable media events.

To comply with these regulations, utilities must collect and produce detailed information about digital assets and analyze whether these devices are deployed and accessed securely. Doing this manually can be an incredibly time-consuming (and boring) task, especially since these standards are continuously changing. In this guide, we outline:

  • What the NERC CIP requirements are
  • What each control seeks to achieve
  • How you can automate compliance efforts

We also include bonus tips from cybersecurity experts who have real-world experience complying with NERC CIP regulations at North American utilities.