The North American Electric Reliability Council (NERC) has set forth policies known as Critical Infrastructure Protection (CIP) standards 002-1 through 009-1. These standards provide a framework for power generators to identify and protect cyber security assets in order to maintain the reliable operation of electric systems. The eight standards cover the following topics: critical cyber assets, security management controls, personnel and training, electronic security, physical security, systems security management, incident reporting and response planning, and recovery plans.
The North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) 002-1 - 009-1
- Defines requirements for identifying and documenting critical cyber assets through risk-based assessments
- Defines minimum security management controls that must be implemented to secure and protect critical cyber assets
- Establishes standards for personnel risk assessment, training, and security awareness for all employees who have access to critical cyber assets
- Ensures that all critical cyber assets are maintained within an electronic security perimeter, which is identified, protected, and documented at all points including access points
- Implements a physical security program and perimeter in which the electronic security perimeter and its critical cyber assets reside
- Requires the definition and documentation of methods, processes, and procedures that secure and control cyber asset systems within the electronic security perimeter
- Mandates that cyber security incidents involving critical cyber assets be identified, classified, responded to, and reported
- Demands that business continuity and disaster recovery plans be created, reviewed, and maintained for critical cyber assets
NEMEA offers North American Electric Reliability Council (NERC) CIP compliance monitoring software to ensure you meet the current industry standards.