The Most Interesting NERC/CIP Blog In The World
CIP-003-8: Transient Cyber Assets and Friends
NERC CIP-003 mandates specific policies and procedures for handling removable media and transient cyber assets to bolster cybersecurity measures within the defined Electronic Security Perimeter
CIP-003-8: Incident Response
NERC CIP-003 includes requirements for establishing and maintaining an incident response plan to address and mitigate cybersecurity incidents that may occur within the defined Electronic Security Perimeter of critical cyber assets in the North American power grid infrastructure.
CIP-003-8: Electronic Access Controls are Cool!
NERC CIP-003 primarily focuses on securing the electronic access points of Critical Cyber Assets within the defined Electronic Security Perimeter of the North American power grid infrastructure.
CIP-003-8: The Physical Side of CIP
NERC CIP-003 includes a small physical security portion for low impact BES Cyber Systems, mandating the implementation of specified physical access controls to the defined Electronic Security Perimeter.
CIP-003-8: Cyber Security Awareness for Grandma
NERC CIP-003 includes requirements for establishing and maintaining a cyber security awareness program that aims to educate and train personnel about potential cyber threats and vulnerabilities, promoting a culture of cyber security within the organization.
CIP Low Impact Standards: It's Go Time!
NERC CIP-003 (Critical Infrastructure Protection) is a cybersecurity standard that focuses on securing the electronic security perimeters of critical assets in the North American power grid.
CIP-003-8: Exceptional Circumstances
NERC CIP-003 addresses exception circumstances by allowing responsible entities within the North American electricity industry to document and justify deviations from the standard's requirements in specific situations where full compliance may not be immediately achievable, provided that they implement alternative compensating measures to ensure the security and reliability of critical cyber assets.
CIP-003: The New Stuff - Part 4 - Transient Cyber Assets and Removable Media
NERC CIP-003's transient cyber asset portion includes measures to identify and protect critical cyber assets that have a temporary or intermittent connection to the control system network, ensuring their security during the time they are connected and minimizing potential vulnerabilities that could be exploited within the North American electricity industry.
CIP-003: The New Stuff - Part 3: Electronic Access Controls….Finally
NERC CIP-003 establishes requirements for Electronic Security Perimeters (ESPs), which are defined network boundaries implemented to safeguard critical cyber assets within the bulk electric system by controlling and monitoring access to those assets.
NERC/CIP Fine Case Study
NERC has levied a $10M cyber security violation fine. Could this happen to you?