The NERC CIP plan consists of 9 standards and 45 requirements covering the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning.
Is NERC CIP mandatory?
The NERC CIP standards are the mandatory security standards which apply to entities which own or manage facilities which are part of the U.S. and Canadian electric power grid.
Is NERC CIP a regulation?
Energy and Utility companies play a critical role in the United States’ national security. That’s largely in part because these responsible entities are strictly maintained and regulated to secure and protect energy infrastructure on a national scale .
How many NERC regions are there?
There are currently eight regions covering all of Canada and the contiguous United States plus a small part of Mexico (Baja California Norte) in North America.
What is NERC CIP v5?
On November 22, 2013, FERC approved Version 5 of the critical infrastructure protection cybersecurity standards (CIP Version 5), which represent significant progress in mitigating cyber risks to the bulk power system.
Who is subject to NERC CIP?
NERC works closely with eight regional reliability organizations whose members come from all segments of the electric industry: investor-owned utilities ; federal power agencies; rural electric cooperatives; state, municipal and provincial utilities; independent power producers; power marketers; and end-use customers.
Who must comply with NERC CIP?
All bulk power system owners, operators, and users must comply with NERC-approved Reliability Standards. These entities are required to register with NERC through the appropriate Regional Entity. For more information about the Compliance program, please contact us.
What are CIP requirements?
The CIP rule requires that a bank retain the identifying information obtained about the customer at the time of account opening for five years after the date the account is closed or, in the case of 7 Page 8 credit card accounts, five years after the account is closed or becomes dormant.
What are NERC CIP requirements?
Under NERC CIP, covered entities are required to identify critical assets and to regularly perform a risk analysis of those assets . Policies for monitoring and changing the configuration of critical assets need to be defined, as do policies governing access to those assets.
What CIP 004?
Purpose: Standard CIP-004 requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets , including contractors and service vendors, have an appropriate level of personnel risk assessment, training, and security awareness.
Does NERC regulate ERCOT?
The Electric Reliability Council of Texas (ERCOT) is regulated by the Texas Public Utilities Commission , not by FERC.
How Far Can AC power be transmitted?
Typical voltages for long distance transmission are in the range of 155,000 to 765,000 volts in order to reduce line losses. A typical maximum transmission distance is about 300 miles (483 km) . High-voltage transmission lines are quite obvious when you see them.
Does NERC apply to Canada?
NERC’s role in Canada is similar to its role in the United States. ... Authority over electricity generation and transmission in Canada rests primarily with provincial governments. Not all jurisdictions have the necessary legal structures to name an Electric Reliability Organization (ERO).
What CIP-002?
Standard CIP-002 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System.
What CIP 003?
Standard CIP-003 exists as part of a suite of CIP Standards related to cyber security , which require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems.
What is a BES Cyber system?
BES Cyber System – One or more BES Cyber Assets logically grouped by a Responsible Entity to perform one or more reliability tasks for a functional entity . Cyber Assets – Programmable electronic devices, including the hardware, software, and data in those devices.
