NERC CIP Assessment and Compliance
The CIP-C is an assessment of compliance with NERC CIP standards, and optional compliance readiness services. Illumant performs an analysis of the security of BES (Bulk Electric System) cyber systems, associated protected cyber assets, formerly CCAs (Critical Cyber Assets) and their operating environments. This includes assessments of the assets themselves, as well as assessments of their electronic security perimeters (ESPs) if applicable, physical security perimeters (PSPs), security management systems, and other non-critical cyber assets that reside within the ESPs, including any network infrastructure equipment, and physical and electronic access control and monitoring systems, along with personnel security measures and other security procedures and protocols.
Highlights
- Compliance Assessment
- Readiness/Remediation
- BES Cyber System Categorization
- Security Management Controls
- Personnel and Training
- Electronic Security Perimeter(s)
- Physical Security of BES Cyber Systems
- Systems Security Management
- Incident Reporting and Response Planning
- Recovery Plans
- Configuration Change Management and Vulnerability Assessments
- Information Protection
- Physical Security
Targets
- BES Cyber System – high, medium, low impact
- Associated protected cyber assets
- Associated physical and electronic access control and monitoring systems
- Control centers
- Backup control centers
- Transmission stations and substations
- Generation resources
- Systems and facilities critical to system restoration
- Blackstart resources
- Cranking paths
CIP compliance gap analysis readiness controls design controls documentation policies and procedures documentation
Bulk Electric System BES cyber system cyber asset personnel incident response CCA critical cyber asset Electronic Security Perimeter ESP Physical Security Perimeter PSP substations infrastructure security management systems
NERC CIP NIST
Detailed Description
The CIP standard requires a layered approach to security of systems per the table below:
| Standard | Title |
|---|---|
| CIP–002–5.1 | Cyber Security — BES Cyber System Categorization |
| CIP–003–5 | Cyber Security — Security Management Controls |
| CIP–004–5.1 | Cyber Security — Personnel and Training |
| CIP–005–5 | Cyber Security — Electronic Security Perimeter(s) |
| CIP–006–5 | Cyber Security — Physical Security of BES Cyber Systems |
| CIP–007–5 | Cyber Security — Systems Security Management |
| CIP–008–5 | Cyber Security — Incident Reporting and Response Planning |
| CIP–009–5 | Cyber Security — Recovery Plans for BES Cyber Systems |
| CIP–010–1 | Cyber Security — Configuration Change Management and Vulnerability Assessments |
| CIP–011–1 | Cyber Security — Information Protection |
| CIP-014-2 | Physical Security |
Illumant reviews the client’s compliance readiness for each of the standards above, including each of the requirements within.
After completion of the assessment Illumant will review findings and provide remediation assistance upon request.
2006-2024 © Illumant, LLC. All Rights Reserved. 