NERC CIP Bootcamp – Phoenix – Day 3

Version 5 of the NERC CIP standards is a significant rewrite with numerous new, revised, and relocated requirements, numerous new or revised definitions, and two new standards. Additionally, the structure of and approach to requirements have changed, with four tiers of requirements covering thirteen different categories of assets.

EnergySec’s team of experts, with years of relevant industry experience in cyber security and NERC CIP auditing, has created this two-day deep dive to provide an in-depth look at these standards and their requirements. This course is appropriate both for seasoned NERC CIP professionals seeking a greater understanding of version 5 and for those new to NERC CIP seeking in-depth knowledge of these standards. Attendees will come away with detailed knowledge of version 5, and be prepared to tackle the challenges and complexities of compliance while avoiding audit pitfalls.

All attendees will receive full printed and electronic copies of the course materials, plus free access to future versions of the course for a period of 12 months and access to the course alumni email discussion forums. Course materials are regularly reviewed and updated to reflect the latest NERC guidance, formal interpretations, FERC rulings, regional audit approaches, and other relevant items.

COURSE OUTLINE

System Access Control

This unit provides a detailed review of the technical access control requirements in version 5, including new and revised requirements for shared accounts, password controls, and interactive access.

Security Event Monitoring

It is now recognized that 100% prevention of successful cyber attacks is not feasible. Detection and response are critical, and the revised requirements for security event logging are at the core of these important capabilities. This unit will prepare you for compliance, and lay a foundation for an effective security monitoring capability.

Incident Response

Once a security event is detected, a quick and effective response is critical. This unit will detail the requirements in version 5 for response to Cyber Security Incidents.

Recovery Plans

When an event occurs, rapid detection and response may not be enough to prevent significant impacts to cyber systems. In those circumstances, the ability to quickly and fully recover is essential. This unit walks through version 5 requirements for recovery plans for BES Cyber Systems, and helps you prepare for the worst.

Configuration Change Management

Version 5 has taken a very different approach to configuration management, including an entirely new standard on that topic. Requirements have been consolidated into this new standard, and new ones have been added. This unit explains these changes and starts you on the road to effective configuration management and change control for your critical systems.

Vulnerability Assessments

This unit will explain the new and updated requirements for vulnerability assessments in version 5.

Information Protection

The more attackers know about your systems, the easier it is for them to get in. This unit discusses the requirements for protection of information that could lead to compromise if exposed, including the safe disposal and redeployment of cyber assets.

Low Impact Assets

FERC has ordered NERC to develop objective criteria to evaluate the sufficiency of cyber protections for low impact assets. This unit will discuss the current state of development and possible outcomes from this effort. It will also suggest ways to address this issue and get a head start on future requirements.

High Frequency Security Obligations

Version 5 contains a number of requirements which constitute “High Frequency Security Obligations”, activities which occur repeatedly for a large number of individuals or assets. This unit discusses approaches for achieving the required 100% compliance in these circumstances, examines the concerns about the FERC-rejected language of “identify, assess, and correct”, and identifies possible alternative approaches that may be proposed in this area.

Technical Feasibility Exceptions

In version 5, a number of the requirements that were previously subject to Technical Feasibility Exceptions (TFEs) have been modified. Additionally, new requirements have been written that may require TFEs in some circumstances. This unit reviews these requirements, provides a discussion of the TFE process, and explains what we know about the TFE process for CIP version 5.

Gotchas and Opportunities

Compliance can be a tricky endeavor, but can also provide the impetus for greater security. This unit will discuss some of the traps, pitfalls, and common mistakes that lead to violations, as well as key areas in which compliance activities can be leveraged to improve overall security.

Documentation and Evidence

Although many documentation requirements have been removed in version 5, documentation is more important than ever to demonstrating compliance. This unit suggests approaches to documentation and evidence that ensure audit readiness.

Tips for Audit Success

A compendium of tips that provide for smoother audits, happier auditors, and improved outcomes.