NERC CIP Assessment and Compliance

The CIP-C is an assessment of compliance with NERC CIP standards, with optional compliance readiness services. Illumant performs an analysis of the security of BES (Bulk Electric System) cyber systems, associated protected cyber assets, formerly CCAs (Critical Cyber Assets), and their operating environments. This includes assessments of the assets themselves, as well as assessments of their electronic security perimeters (ESPs) if applicable, physical security perimeters (PSPs), security management systems, and other non-critical cyber assets that reside within the ESPs, including any network infrastructure equipment and physical and electronic access control and monitoring systems, along with personnel security measures and other security procedures and protocols.


Highlights

  • Compliance Assessment
  • Readiness/Remediation
  • BES Cyber System Categorization
  • Security Management Controls
  • Personnel and Training
  • Electronic Security Perimeter(s)
  • Physical Security of BES Cyber Systems
  • Systems Security Management
  • Incident Reporting and Response Planning
  • Recovery Plans
  • Configuration Change Management and Vulnerability Assessments
  • Information Protection
  • Physical Security

Targets

  • BES Cyber System – high, medium, low impact
  • Associated protected cyber assets
  • Associated physical and electronic access control and monitoring systems
  • Control centers
  • Backup control centers
  • Transmission stations and substations
  • Generation resources
  • Systems and facilities critical to system restoration
    • Blackstart resources
    • Cranking paths


Detailed Description

The CIP standard requires a layered approach to security of systems per the table below:

Standard       Title
CIP-002-5.1    Cyber Security — BES Cyber System Categorization
CIP-003-5      Cyber Security — Security Management Controls
CIP-004-5.1    Cyber Security — Personnel and Training
CIP-005-5      Cyber Security — Electronic Security Perimeter(s)
CIP-006-5      Cyber Security — Physical Security of BES Cyber Systems
CIP-007-5      Cyber Security — Systems Security Management
CIP-008-5      Cyber Security — Incident Reporting and Response Planning
CIP-009-5      Cyber Security — Recovery Plans for BES Cyber Systems
CIP-010-1      Cyber Security — Configuration Change Management and Vulnerability Assessments
CIP-011-1      Cyber Security — Information Protection
CIP-014-2      Physical Security

Illumant reviews the client’s compliance readiness for each of the standards above, including each of the requirements within.

After completion of the assessment, Illumant will review findings and provide remediation assistance upon request.