NERC CIP Compliance

Protecting national critical infrastructure like the national electrical grid is a priority for utilities, energy providers and government agencies. The North American Electric Reliability Corporation (NERC) maintains cybersecurity standards for Critical Infrastructure Protection (CIP). NERC Standards CIP-002-3 through CIP-009-3 provide a cybersecurity framework to identify and protect critical cyberassets of the bulk electric system. Perceived and real threats from hackers and cyberterrorists, legislative mandates with the promise of fines for non-compliance, and the opportunity to upgrade network infrastructure are all driving compliance with NERC CIP.

Meeting NERC CIP Compliance

Meeting compliance with NERC CIP is a governance, administration and technical challenge. NERC CIP compliance efforts can be optimized when combined with automation and control updates to infrastructure, to meet compliance as well as smart grid and intelligent utility objectives.

NTT Security services can assist organizations with NERC CIP compliance and the protection of critical cyberassets.

NTT Security services help energy and utility organizations with:

Assess and Measure Gaps NERC CIP risk assessments performed by experienced, certified security professionals experienced in dealing with new and legacy industrial control environments; prioritized and actionable recommendations; peer benchmarking.
Remediate and Enhance Experienced, certified security professionals, security program, policy,and procedures design, services, tools and process implementation.
Execute and Monitor NERC CIP compliant Log Monitoring, Log Management, Vulnerability Management and Security Device Management.
Demonstrate Compliance Standard and customizable reporting, secure evidence repository for all NERC CIP compliance related assessments, results and reports; integrated ticketing with assignment, tracking, and journaling.

NTT Security has:

  • A track record of delivering managed and security consulting services that meet NERC CIP requirements.
  • A staff of experienced, certified security and compliance professionals.
  • Participation in utility industry and regional groups.
  • Proven security services.
  • Certified security experts (HITRUST CSF, CISSP, CISA, CISM, GCIA, CSOA, QSA and others).


Compliance Activity NTT Security Services / Capabilities Regulatory Mapping
Assess and Measure Gaps Technical Consulting; certified security professionals CIP-002-3, CIP-003-3, CIP-004-3
Remediation and Enhancement Technical Consulting; certified security professionals; authorized partner consulting services CIP-003-3, CIP-007-3, CIP-008-3, CIP-009-3
Execute and Monitor Security Program Log Monitoring; Log Management; Vulnerability Management; Security Device Management; authorized partner consulting services CIP-002-3, CIP-003-3, CIP-005-3, CIP-007-3, CIP-008-3, CIP-009-3
Demonstrate Compliance Evidence Repository; security and compliance reporting; Technical Consulting CIP-002-3, CIP-003-3, CIP-004-3, CIP-005-3, CIP-007-3, CIP-008-3, CIP-009-3

What's New

Blog: New and Improved Dridex

Webinar: 2016 Global Threat Intelligence Report Review

White Paper: Defending Against Advanced Persistent Threats - Download