NERC CIP Bootcamp – Austin – Day 2

Version 5 of the NERC CIP standards is a significant rewrite with numerous new, revised, and relocated requirements, numerous new or revised definitions, and two new standards. Additionally, the structure and approach to requirements has changed with four tiers of requirements covering thirteen different categories of assets.

EnergySec’s team of experts, with years of relevant industry experience in cyber security and NERC CIP auditing, have created this two-day deep dive to provide an in-depth look at these standards and their requirements. This course is appropriate for both seasoned NERC CIP professionals seeking a greater understanding of version 5, as well as those new to NERC CIP seeking in-depth knowledge of these standards. Attendees will come away with detailed knowledge of version 5, and be prepared to tackle the challenges and complexities of compliance while avoiding audit pitfalls.

All attendees will receive full printed and electronic copies of the course materials, plus free access to future versions of the course for a period of 12 months and access to the course alumni email discussion forums. Course materials are regularly reviewed and updated to reflect the latest NERC guidance, formal interpretations, FERC rulings, regional audit approaches, and other relevant items.


Asset Identification

Proper identification of cyber assets is critical for compliance. This unit will explain asset identification methodologies, bright line criteria, impact level determination, types of assets that must be considered, and more

Cyber Security Policies

The requirements for cyber security policies are changed. This unit will walkthrough the elements required to be addressed in policies for each of the three asset impact levels.

Training and Awareness

Version 5 has revised and expanded requirements for personnel training. This unit provides an explanation of the requirements for training and awareness, including the specific topics that must be addressed for various job roles.

Personnel Risk Assessments

This unit lays out the requirements for identity verification and background checks for personnel with access to in-scope assets.

Access Management and Revocation

The requirements related to access management have been among the most violated CIP standards. In Version 5, these requirements are reorganized and expanded. This unit provides an in-depth discussion of access management, including the types of access that must be managed, approval and tracking requirements, and revocation procedures.

Electronic Security Perimeters

Electronic Security Perimeters are perhaps the most important aspect of the CIP standards. This unit contains detailed technical explanations of the requirements for Electronic Security Perimeters, Electronic Access Points, and Electronic Access Control and Monitoring Systems.

Interactive Remote Access

The requirements related to remote access contain some of the most significant changes in version 5. This unit will provide a technical discussion of the requirements for control of remote access to BES Cyber Systems.

Communications Security

FERC raised concerns about the security of communication networks in its order approving V5. They also instructed NERC to develop new or modified Reliability Standards that address the protection of communication networks. This unit discusses approaches for protecting networks and preparing for future requirements.

Physical Security

Physical security requirements have been changed, and now contain four tiers of requirements based on the impact level and connectivity of BES Cyber Systems. This unit will explain these changes and layout the differing requirements for each tier of assets.

Ports and Services

This unit covers requirements related to control of ports and services on Cyber Assets

Patch Management

The management of security patches is an important control which has new requirements in version 5. This unit will provide practical advice to meeting these new requirements.

Malicious Code Prevention

Malicious code is one of the biggest threats to critical systems. This unit will explain the changes version 5 has brought to requirements on this topic, and discuss methods for the control of malware.

Transient Systems Protection

In its order approving version 5 of the CIP standards, FERC instructed NERC to develop requirements that address the security of transient systems. This unit discusses recommended practices and explores the types of requirements which may be applied to this category of assets in the future.