NERC CIP Compliance

Protect Your Critical Infrastructure

Talk To An Expert

Critical Infrastructure Protection

The country relies on the security of its critical national infrastructure. Are you following the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standards?


The North American Electric Reliability Corporation (NERC) is an international regulatory authority tasked with maintaining the safety and reliability of our nation’s bulk power systems. To accomplish that mission, NERC has issued a series of Critical Infrastructure Protection (CIP) Security Standards that serve as the minimum security requirements for power generation, transmission and distribution enterprises.

The standards are developed using a results-based approach that focuses on performance, risk management, and entity capabilities. It includes guidelines for testing, repair and prevention of security issues of critical infrastructure assets.

RedTeam Security’s consultants are highly experienced in the field of critical infrastructure and helping clients meet the NERC-CIP Standards. We can help you identify and analyze vulnerabilities in your networks, applications, industrial systems and facilities and put you on the right path to correct them.

See Us In Action

Watch as we conduct a live RedTeam engagement to hack into a U.S. power utility.


  • NERC CIP Standards

    On November 22, 2013, NERC approved what’s known as CIP Version 5, the current set of standards for mitigating cyber risks to the bulk power system. Click on any of the standards below to see NERC’s full explanation and requirements.

    Please note these standards are authored directly by NERC and are not affiliated with RedTeam Security. Many thanks to NERC for making this important security documentation available for public dissemination. For additional information, please visit

    CIP-002-5.1a: BES Cyber System Categorization
    CIP-003-6: Security Management Controls
    CIP-004-6: Personnel & Training
    CIP-005-5: Electronic Security Perimeter(s)
    CIP-006-6: Physical Security of BES Cyber Systems
    CIP-007-6: System Security Management
    CIP-008-5: Incident Reporting and Response Planning
    CIP-009-6: Recovery Plans for BES Cyber Systems
    CIP-010-2: Configuration Change Management and Vulnerability Assessments
    CIP-011-2: Information Protection
    CIP-014-2: Physical Security

  • Penetration Testing

    Strengthening critical infrastructure security and resilience depends on public and private critical infrastructure owners and operators making risk-informed decisions when allocating limited resources.

    With RedTeam Security’s penetration testing, risk evaluation, and risk management planning help, critical infrastructure owners, operators and partners can more effectively meet the CIP Standards to maintain the integrity of the bulk power system.

    RedTeam Security’s penetration testing is done by experts who can view the infrastructure’s security posture through the eyes of both developers and hackers. Our highly trained security consultants’ dual awareness drives efforts to:

    • Identify flaws present in the environment
    • Understand the organization’s level of risk
    • Help address and fix identified flaws

    Testing your security controls employing the real-world ways in which hackers might compromise personnel (via social engineering), physical premises, and networks and IT assets, Red Team penetration testing is a multi-step process involving:

    1. Information Gathering
    2. Threat Modeling
    3. Vulnerability Analysis
    4. Exploitation
    5. Post-Exploitation
    6. Reporting

    Our pen testers will then produce findings in written reports and provide your team with the guidance necessary to effectively remediate any issues we uncover. Since our goal is always to provide the best possible ongoing customer experience and service, our report is only a small part of the deliverable from our experts. An online remediation knowledge base and dedicated remediation staff provide continued input into effective and efficient methods of mitigating risk. RedTeam’s remediation re-testing is also always provided at no additional cost.

    With the sweeping scope of critical infrastructure including physical and virtual systems and assets vital to national security, economic security, public health or safety, or any combination of those, risk management and supporting security resilience are paramount.

    Amp up your security prevention and protection activities starting with a free RedTeam consultation today.

NERC-CIP Compliance Checklist

Are you complying with all NERC-CIP Security Standards? Download our free checklist to find out.



Our Penetration Testing, Social Engineering and Red Teaming services go beyond the checkbox to help prevent data breaches

Schedule Your Critical Infrastructure Penetration Test Today

Get Started!