What is NERC CIP Compliance Enforcement?

Reduce time and resources required to manage new NERC CIP compliance.

The North American Electric Reliability Corporation (NERC) is a non-profit organization tasked by the US Department of Energy with ensuring the reliability of the North American electric power grid. Among its responsibilities are drafting and auditing standards for cyber security of the systems that monitor and control the grid. This set of standards is known as NERC CIP (Critical Infrastructure Protection). Compliance with the NERC CIP Reliability Standards requires NERC entities to adopt precise procedures and to verify their implementation.

What is NERC CIP Compliance Enforcement?

NERC CIP compliance enforcement is the process by which NERC issues sanctions and ensures mitigation of confirmed violations of mandatory NERC Reliability Standards.
Enforcement utilizes the following methods:

Directives: NERC can issue directives to immediately address and deter new or further violations, irrespective of their presence or status (i.e., confirmed or alleged).
Sanctions: Sanctioning of confirmed violations is determined pursuant to the NERC Sanction Guidelines and is based heavily upon the Violation Risk Factors and Violation Severity Levels of the standards’ requirements violated and the violations’ duration. NOTE: Entities found in violation of any standard must submit a mitigation plan for approval by NERC and, once approved, must execute this plan as submitted.

NERC has authority to assess fines against non-compliant utilities in amounts up to $1,000,000 per violation and per day.
