What is NERC?
NERC (North American Electric Reliability Corporation) monitors, regulates, and implements compliance policies for power system operators. All power plant companies providing bulk-power plant systems, power generation, power transmission, and power distribution in the U.S. and Canada are required to comply with NERC standards. NERC promotes safe power systems through its array of reliability standards.
What are NERC Reliability Standards?
The NERC Reliability Standards are the widely accepted regulatory standards for bulk-power system operators, owners, and workers. NERC uses these standards in audits to ensure efficient, safe, and reliable power sources for households and business operations.
How are NERC Standards Applied?
NERC compliance ensures the safety and efficiency of generation and distribution companies using different kinds of power sources. NERC standards compliance is confirmed in the following key ways:
- Power plant monitoring that specifies possible improvements and changes.
- Enforcement of standards and compliance procedures.
- Power system operator registration using NERC reliability standards.
- Certification of power plants and companies as NERC-compliant.
- Ensuring employee training and orientation.
- Regional monitoring of power plant companies to confirm violations aren’t overlooked.
What is NERC CIP?
CIP stands for “critical infrastructure protection.” The CIP standards are requirements that secure elements of a properly functioning bulk electric system in North America. CIP is one of 14 NERC standards enforced in the U.S. These CIP standards focus on critical physical security and cybersecurity assets. There are currently 11 reliability standards within CIP.
Which NERC CIP Standards are Enforced?
The 11 enforced CIP standards are:
- CIP-002-5.1a: Cyber Security – BES Cyber System Categorization
- CIP-003-6: Cyber Security – Security Management Controls
- CIP-004-6: Cyber Security – Personnel & Training
- CIP-005-5: Cyber Security – Electronic Security Perimeter(s)
- CIP-006-6: Cyber Security – Physical Security of BES Cyber Systems
- CIP-007-6: Cyber Security – System Security Management
- CIP-008-5: Cyber Security – Incident Reporting and Response Planning
- CIP-009-6: Cyber Security – Recovery Plans for BES Cyber Systems
- CIP-010-2: Cyber Security – Configuration Change Management and Vulnerability Assessments
- CIP-011-2: Cyber Security – Information Protection
- CIP-014-2: Physical Security