NERC CIP Bootcamp – Hartford – Day 1

For many, CIP Version 3 has become rote knowledge – the terms, requirements and approaches are well engrained into their day-to-day activities. CIP Version 5 is a dramatic change that is likely to challenge even the most seasoned CIP compliance professional.

EnergySec’s team of experts, with years of relevant industry experience in cyber security and NERC CIP auditing, have created this one-day course to prepare you for the transition to CIP version 5. This course is perfect for both seasoned NERC CIP professionals seeking to ensure a smooth transition to version 5, as well as those new to NERC CIP who wish to jump start the learning process on these important standards.

Attendees will come away from Day 1 of this course prepared to face version 5. In this session we will:

  • Explain the 19 terms with new or revised definitions and other important terms that are still undefined
  • Describe the 13 categories of assets to which requirements apply
  • Explain the new bright line criteria and the three tier (High/Medium/Low) approach to asset classification
  • Walk through a detailed mapping and discussion of the new, revised, and retired requirements
  • Discuss the two new standards in version 5
  • Explore future changes that may result from the FERC Order on version 5
  • Provide references and discussion on the pertinent NERC filings and FERC rulings on these standards

Join us for an incredible opportunity to help prepare your organization for NERC CIP Version 5 compliance. All attendees will receive full printed and electronic copies of the course materials, plus free access to future versions of the course for a period of 12 months and access to the course alumni email discussion forums. Course materials are regularly reviewed and updated to reflect the latest NERC guidance, formal interpretations, FERC rulings, regional audit approaches, and other relevant items.

COURSE OUTLINE

Structural Changes

Version 5 has significant changes in the format and layout of the standards. This unit provides an explanation of the new format, table-based requirements and applicability sections, measures, and the guidelines and technical basis sections.

Implementation Plan

This unit will cover the V5 implementation plan explaining the timelines for compliance for various types of facilities, BES Cyber Systems, and impact levels.

Documentation, Measures, and Evidence

Version 5 has eliminated some explicit documentation requirements, but also added specific measures by which compliance may be assessed. This unit will explain the necessary modifications.

Terminology

There are 19 new or revised definitions of terms used in version 5. This unit will provide an explanation of how these changes will affect you existing compliance activities.

Cyber Asset Categories

Requirements in version 5 contain an applicability table listing the categories of assets that are in scope for that requirement. This unit explains how existing programs will need to adjust to handle the 13 categories of assets to which requirements apply.

Bright Lines and Asset Identification

– Version 5 employs a radically different approach to identifying and categorizing cyber assets. The previously used RBAM approach is gone, replaced by bright line criteria and a three-tier approach to asset categorization. This unit explains the new process.

Things You Can Stop Doing

Many requirements have undergone significant changes in version 5. Additionally, FERC recently approved retirement of some existing standards. This unit will detail compliance activities which may no longer be needed.

Things You Need to Start Doing

Version 5 contains two new standards and a number of significantly modified requirements. This unit will introduce these standards and explain the new, modified, and relocated requirements to provide an understanding of new activities that will be required to comply with version 5.

Things You Need to do Differently

Version has updated many existing requirements. This unit discusses adjustments you may need to make to your existing programs and processes.

Future Changes

In the order approving V5, FERC ordered NERC to make modifications in several areas. This unit will discuss the required changes, and explain how these changes may affect future compliance efforts.