Overview Of NERC CIP Compliance
The North American Electric Reliability Corporation (NERC) is an international regulatory authority tasked with maintaining the safety and reliability of our nation’s bulk power systems. To accomplish that mission, NERC has issued a series of Critical Infrastructure Protection (CIP) Security Standards that serve as the minimum security requirements for power generation, transmission and distribution enterprises.
The NERC CIP standards are developed using a results-based approach that focuses on performance, risk management, and entity capabilities. They include guidelines for testing, repair and prevention of security issues in critical infrastructure assets.
Learn more about the threat landscape and the importance of an offensive approach to utility security in this post: Risk Readiness Is Critical For Infrastructure
RedTeam Security’s consultants are highly experienced in the field of critical infrastructure penetration testing and helping clients meet the NERC-CIP Standards. We can help you identify and analyze vulnerabilities in your networks, applications, industrial systems and facilities and put you on the right path to correct them.
NERC CIP Standards
On November 22, 2013, NERC approved what’s known as CIP Version 5, the current set of standards for mitigating cyber risks to the bulk power system. The standards are listed below; NERC publishes the full explanation and requirements for each.
Please note these standards are authored directly by NERC and are not affiliated with RedTeam Security. Many thanks to NERC for making this important security documentation available for public dissemination. For additional information, please visit NERC.com.
- CIP-002-5.1a: BES Cyber System Categorization
- CIP-003-6: Security Management Controls
- CIP-004-6: Personnel & Training
- CIP-005-5: Electronic Security Perimeter(s)
- CIP-006-6: Physical Security of BES Cyber Systems
- CIP-007-6: System Security Management
- CIP-008-5: Incident Reporting and Response Planning
- CIP-009-6: Recovery Plans for BES Cyber Systems
- CIP-010-2: Configuration Change Management and Vulnerability Assessments
- CIP-011-2: Information Protection
- CIP-014-2: Physical Security
NERC CIP Penetration Testing
Strengthening critical infrastructure security and resilience depends on public and private critical infrastructure owners and operators making risk-informed decisions when allocating limited resources.
With help from RedTeam Security’s critical infrastructure penetration testing, risk evaluation, and risk management planning, critical infrastructure owners, operators and partners can more effectively meet the CIP Standards to maintain the integrity of the bulk power system.