The CIP-C is an assessment of compliance with NERC CIP standards, and optional compliance readiness services. Illumant performs an analysis of the security of BES (Bulk Electric System) cyber systems, associated protected cyber assets, formerly CCAs (Critical Cyber Assets) and their operating environments. This includes assessments of the assets themselves, as well as assessments of their electronic security perimeters (ESPs) if applicable, physical security perimeters (PSPs), security management systems, and other non-critical cyber assets that reside within the ESPs, including any network infrastructure equipment, and physical and electronic access control and monitoring systems, along with personnel security measures and other security procedures and protocols.
CIP compliance gap analysis readiness controls design controls documentation policies and procedures documentation
Bulk Electric System BES cyber system cyber asset personnel incident response CCA critical cyber asset Electronic Security Perimeter ESP Physical Security Perimeter PSP substations infrastructure security management systems
NERC CIP NIST
The CIP standard requires a layered approach to security of systems per the table below:
|CIP–002–5.1||Cyber Security — BES Cyber System Categorization|
|CIP–003–5||Cyber Security — Security Management Controls|
|CIP–004–5.1||Cyber Security — Personnel and Training|
|CIP–005–5||Cyber Security — Electronic Security Perimeter(s)|
|CIP–006–5||Cyber Security — Physical Security of BES Cyber Systems|
|CIP–007–5||Cyber Security — Systems Security Management|
|CIP–008–5||Cyber Security — Incident Reporting and Response Planning|
|CIP–009–5||Cyber Security — Recovery Plans for BES Cyber Systems|
|CIP–010–1||Cyber Security — Configuration Change Management and Vulnerability Assessments|
|CIP–011–1||Cyber Security — Information Protection|
Illumant reviews the client’s compliance readiness for each of the standards above, including each of the requirements within.
After completion of the assessment Illumant will review findings and provide remediation assistance upon request.