NERC CIP Vendor Workshop – Seattle – Day 1

Section 1 – CIP Foundations

This section will provide the foundational knowledge you need to understand the CIP landscape, and be conversant on NERC CIP topics.

Unit 1 Foundations

The unit will explain the  background and history of the CIP standards, including their legal authority, development process, and enforcement practices.

Unit 2 Applicability

This unit will discuss the types of organizations, facilities, and equipment that are in-scope for the standards. The “Bright Line” criteria for asset identification will be covered.

Unit 3 Structure

This unit will explain how the standards are structured, how the requirement applicability is determined, and the multiple device classes that are in scope for various requirements.

Unit 4 Terminology

This unit will introduce and explain more than two dozen formally defined words and phrases used in the standards, as well as a few commonly used words that are not formally defined.

Section 2 – CIP Requirements

This section will provide an overview of the requirements of standards CIP-002-6 through CIP-0011-2, explaining the various activities that utilities must conduct to ensure compliance. Note that this section provides n overview of requirements from a vendor perspective. For an in-depth examination of the requirements, including compliance approaches and evidentiary expectations, we suggest attending Day 2 and 3 of our CIP Bootcamp.

Unit 5 CIP-002 Asset Identification

This unit discuss the requirements for the identification and classification of BES Cyber Systems.

Unit 6 CIP-003 Polices and Low Impact Assets

This unit focuses on the requirements for low impact systems.

Unit 7 CIP-004 Personnel Management

This unit covers the requirements for training, background checks, and access management of personnel with access to systems that are in scope for CIP requirements

Unit 8 CIP-005 Electronic Perimeters and Remote Access

This unit explains the requirements for Electronic Security Perimeters

Unit 9 CIP-006 Physical Security

This unit covers physical security requirements.

Unit 10 CIP-007 System Security

This unit discusses system security requirements, including patching, malware defense, and logging.

Unit 11 CIP-008 Incident Response

This unit cover incidents response requirements.

Unit 12 CIP-009 Recovery Plans

This unit discusses the requirements for recovery plans for BES Cyber Systems

Unit 13 CIP-010 Configuration Management, Vulnerability Assessments, and Transient Devices

This unit explains the requirements for configuration management, vulnerability assessments, and transient devices.

Unit 14 CIP-011 Information Protection

This unit covers information protection requirements.

Unit 15 The future

This unit will discuss current proposals for new standard development efforts, and forecast potential future requirements.