What are NERC standards?
NERC (North American Electric Reliability Corporation) standards are a set of mandatory cybersecurity and operational standards developed by NERC and enforced by the Federal Energy Regulatory Commission (FERC) in the United States and the National Energy Board (NEB) in Canada.
Compliance Verification
NP-View verifies compliance with the following requirements:
– CIP-005 R1.1: All applicable Cyber Assets connected to a network via a routable protocol shall reside within a defined ESP
– CIP-005 R1.2: All External Routable Connectivity must be through an identified Electronic Access Point (EAP)
– CIP-005 R1.3: Require inbound and outbound access permissions, including the reason for granting access, and deny all other access by default
– CIP-005 R2.1: Utilize an Intermediate System such that the Cyber Asset initiating Interactive Remote Access does not directly access an applicable Cyber Asset
Is NERC CIP mandatory?
Yes, NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) is mandatory for all entities that are defined as “Bulk Electric System” (BES) owners or operators in North America. This includes entities that own or operate high-voltage electric transmission lines, generation facilities, and control centers.
Why is NERC compliance important?
The purpose of the NERC CIP standards is to ensure the reliability and security of the North American power grid by establishing cybersecurity standards that BES owners and operators must follow. These standards are enforced by NERC, and non-compliance can result in significant penalties and fines.
