NERC CIP

Advanced cybersecurity solutions for NERC compliance.

shutterstock 1408585991

AWA’s NERC Cyber Security Compliance Services

We provide cyber security services helping entities meet security compliance needs. We have the experience, skills and resources to help your organization identify and protect critical cyber assets by helping you meet NERC CIP compliance requirements.

What Are NERC CIP Cyber Security Standards?

North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standard is a cyber security standard for the North American Electric Grid (NAEG). It defines minimum requirements and guidelines needed to adequately safeguard the nation’s critical electric infrastructure from cybersecurity threats.

To be in compliance, all electric utilities are required to develop, document, and test Cyber Incident Response Plans (CIRPs) to ensure rapid recovery from a cyberattack or security failure. The goal of complying with NERC cyber security standards is to create an environment where the disruption of any electric utility system or element affects only its intended target at most. It aims to mitigate risk to critical cyber assets that control or impact the reliability of North America’s bulk power systems.

In 2010, when the NERC CIP cyber-security standards were first passed, nine of them were mandatory to meet and four optional, which have since been implemented.

Implementing NERC Cyber Security Standards

According to NERC’s Cyber Security Framework document, there are three key strategies that must be incorporated into a utility organization’s organizational structure in order to effectively implement and maintain compliance with NERC standards:

NERC Cyber Security Standards
  • Investing in state-of-the-art cyber security solutions that can detect, prevent, and mitigate any potential cyberattacks.
  • Training all staff regularly on various topics related to the computer systems they utilize. This would include instruction on all updates or changes to procedures as well as employee education and training on cybersecurity.
  • Periodically testing the security status of the electric utility, ensuring that vulnerabilities are properly addressed before a targeted attack occurs. Testing should be conducted regularly–at least once every 12 months–and some organizations perform tests more often to further decrease the risk of a breach and protect particularly critical assets.
CISSP - Certified Information Systems Security Professional
CEH - Certified Ethical Hacker
CISM - Certified Information Security Manager

Get Started with Certified Cybersecurity Solutions

Contact AWA International to discuss the cybersecurity solutions that would best fit your organization's compliance goals.

Contact Us
Scroll to Top