WHITE PAPER

NERC CIP COMPLIANCE

Updates, Enforcement and Practical Implementation

Introduction

The North American Electric Reliability Corporation (NERC) is a non-profit organization tasked by the Federal Energy Regulatory Commission (part of the US Department of Energy) with ensuring the reliability of the North American electric power grid. Among its tasks are drafting and auditing standards for cyber security of the systems that monitor and control the grid. This set of standards is known as NERC CIP (Critical Infrastructure Protection). Compliance with the NERC CIP Reliability Standards requires NERC entities to adopt precise procedures and to verify their implementation. This white paper describes recent CIP requirements updates and illustrates how a NERC entity can utilize technological solutions to save time and resources assessing and managing its compliance with the primary parts of CIP.

WHAT IS NERC COMPLIANCE ENFORCEMENT?

The process by which NERC issues sanctions and ensures mitigation of confirmed violations of mandatory NERC Reliability Standards.
Enforcement utilizes the following methods:
• Directives: NERC can also issue directives to immediately address and deter new or further violations, irrespective of their presence or status (i.e., confirmed or alleged).
• Sanctions: Sanctioning of confirmed violations is determined pursuant to the NERC Sanction Guidelines and is based heavily upon the Violation Risk Factors and Violation Severity Levels of the standards requirements violated and the violations’ duration. NOTE: Entities found in violation of any standard must submit a mitigation plan for approval by NERC and, once approved, must execute this plan as
submitted.

White Paper: NERC CIP COMPLIANCE 1

, • Fines: NERC has authority to assess fines against non-compliant utilities in amounts up to $1,000,000 per violation and per day.

 

For more details on updates, enforcement and strategy for practical implementation, Download the full white paper below

View More Resources Here

White Paper: NERC CIP COMPLIANCE 2
Utilities
White Paper: NERC CIP COMPLIANCE 3
Transportation
White Paper: NERC CIP COMPLIANCE 4
Healthcare
White Paper: NERC CIP COMPLIANCE 5
Finance
White Paper: NERC CIP COMPLIANCE 6
Energy
White Paper: NERC CIP COMPLIANCE 7
Additional Industries
White Paper: NERC CIP COMPLIANCE 8

White Paper: NERC CIP COMPLIANCE 9 White Paper: NERC CIP COMPLIANCE 10 White Paper: NERC CIP COMPLIANCE 11

189 S Orange Ave #1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY

THREAT INTELLIGENCE REPORT

Windows CryptoAPI Vulnerability

White Paper

Asset to Vendor Network for Power Utilities

PRESS RELEASE

FORTRESS LAUNCHES INNOVATIVE COLLABORATION TO HELP PROTECT THE POWER GRID FROM CYBER THREATS

Emerging Risk Brief

ASSET RISK MANAGEMENT - FOR PORT AUTHORITIES

Advisory

5 STEPS FOR AN EFFECTIVE THIRD PARTY VENDOR RISK PROGRAM

White Paper

CIP COMPLIANCE – UPDATES, ENFORCEMENT AND PRACTICAL IMPLEMENTATION

Advisory

5 STEPS TO A STRONG VULNERABILITY MANAGEMENT PROGRAM

WHITE PAPER

NERC CIP COMPLIANCE

Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

Threat Advisory

Outdated Security Appliance Facilitates Denial-of-Service Attack on U.S. Grid

WEBINAR DOCUMENT

NERC CIP SUPPLY CHAIN SECURITY STANDARDS