Industrial Defender has written several blog posts related to NERC CIP requirements, including A Guide to Preventative and Detective Controls for NERC CIP-013 Compliance and One Step Forward, Two Steps Back: A History of NERC CIP.
The NERC CIP requirements are designed to protect the Bulk Electric System (BES). It can be challenging to keep track of the status of various standards and associated revisions. As of February 2021, there are twelve NERC CIP standards that are subject to enforcement, one that is subject to future enforcement (CIP-012-1), and four revisions that have been filed and are awaiting regulatory approval (CIP-002-6, CIP-005-7, CIP-010-4, and CIP-013-2).
Additional details can be found at the NERC website: https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
To help people remember what the standards are and what they relate to, we are pleased to present the world’s first and only NERC CIP Haiku.
Identify and
Categorize Cyber Systems,
Assets. NERC CIP Two.
Consistent, sustain
Security Management
Controls. NERC CIP Three.
Personnel risk test,
security awareness,
training. NERC CIP Four.
Electronic sec-
urity Perimeter.
Controlled. NERC CIP Five.
Manage physical
access. Security plan
for BES. NERC CIP Six.
Support for System
Security Management.
Protect. NERC CIP Seven.
Incident Reports,
and Response Planning. Miti-
gate Risk. NERC CIP Eight.
Recovery Plans
to Support Stability
Functions. NERC CIP Nine.
Config Change Manage-
ment, Vulnerability
Assess. NERC CIP Ten.
Specify info.
Protection requirements
NERC CIP Eleven.
Monitor real-time
data, Comms between Control
Centers. NERC CIP Twelve.
Security controls
for supply chain risk manage-
ment. NERC CIP Thirteen.
Physically secure
Transmission stations, substat-
ions. NERC CIP Fourteen.
