NERC CIP

Protecting national critical infrastructure like the national electrical grid is a priority for utilities, energy providers and government agencies. The North American Electric Reliability Corporation (NERC) maintains cybersecurity standards for Critical Infrastructure Protection (CIP). NERC Standards CIP-002-3 through CIP-009-3 provide a cybersecurity framework to identify and protect critical cyberassets of the bulk electric system. Perceived and real threats from hackers and cyberterrorists, legislative mandates with the promise of fines for non-compliance, and the opportunity to upgrade network infrastructure are all driving compliance with NERC CIP.

Meeting NERC CIP Compliance

Meeting compliance with NERC CIP is a governance, administration and technical challenge. NERC CIP compliance efforts can be optimized when combined with automation and control updates to infrastructure, to meet compliance as well as smart grid and intelligent utility objectives.

Solutionary Managed Security Services and Security Consulting Services can assist organizations with NERC CIP compliance and the protection of critical cyberassets.

Solutionary services help energy and utility organizations with:

Assess and Measure Gaps NERC CIP risk assessments performed by experienced, certified security professionals experienced in dealing with new and legacy industrial control environments; prioritized and actionable recommendations; peer benchmarking.
Remediate and Enhance Experienced, certified security professionals, security program, policy,and procedures design, services, tools and process implementation.
Execute and Monitor NERC CIP compliant Log Monitoring, Log Management, Vulnerability Management and Security Device Management.
Demonstrate Compliance Standard and customizable reporting, secure evidence repository for all NERC CIP compliance related assessments, results and reports; integrated ticketing with assignment, tracking, and journaling.

Solutionary has:

  • A track record of delivering managed and security consulting services that meet NERC CIP requirements
  • A staff of experienced, certified security and compliance professionals
  • Participation in utility industry and regional groups
  • Proven Managed Security Services and Security Consulting Services
  • Certified security experts (HITRUST CSF, CISSP, CISA, CISM, GCIA, CSOA, QSA and others)

 

Compliance Activity Solutionary Services / Capabilities Regulatory Mapping
Assess and Measure Gaps Security Consulting services; certified security professionals CIP-002-3, CIP-003-3, CIP-004-3
Remediation and Enhancement Security Consulting Services; certified security professionals; authorized partner consulting services CIP-003-3, CIP-007-3, CIP-008-3, CIP-009-3
Execute and Monitor Security Program Log Monitoring; Log Management; Vulnerability Management; Security Device Management; authorized partner consulting services CIP-002-3, CIP-003-3, CIP-005-3, CIP-007-3, CIP-008-3, CIP-009-3
Demonstrate Compliance Evidence Repository; security and compliance reporting; Security Consulting Services CIP-002-3, CIP-003-3, CIP-004-3, CIP-005-3, CIP-007-3, CIP-008-3, CIP-009-3

 

Solutionary services to support NERC CIP compliance include:

What's New

Blog: One Phish, Two Phish, Read Phish, Spear Phish

Research: NTT Group 2014 Global Threat Intelligence Report

White Paper: Seven Steps for Better DoS and DDoS Protection