Section 1 – CIP Foundations
This section will provide the foundational knowledge you need to understand the CIP landscape, and be conversant on NERC CIP topics.
Unit 1 Foundations
The unit will explain the background and history of the CIP standards, including their legal authority, development process, and enforcement practices.
Unit 2 Applicability
This unit will discuss the types of organizations, facilities, and equipment that are in-scope for the standards. The “Bright Line” criteria for asset identification will be covered.
Unit 3 Structure
This unit will explain how the standards are structured, how the requirement applicability is determined, and the multiple device classes that are in scope for various requirements.
Unit 4 Terminology
This unit will introduce and explain more than two dozen formally defined words and phrases used in the standards, as well as a few commonly used words that are not formally defined.
Section 2 – CIP Requirements
This section will provide an overview of the requirements of standards CIP-002-6 through CIP-0011-2, explaining the various activities that utilities must conduct to ensure compliance. Note that this section provides n overview of requirements from a vendor perspective. For an in-depth examination of the requirements, including compliance approaches and evidentiary expectations, we suggest attending Day 2 and 3 of our CIP Bootcamp.
Unit 5 CIP-002 Asset Identification
This unit discuss the requirements for the identification and classification of BES Cyber Systems.
Unit 6 CIP-003 Polices and Low Impact Assets
This unit focuses on the requirements for low impact systems.
Unit 7 CIP-004 Personnel Management
This unit covers the requirements for training, background checks, and access management of personnel with access to systems that are in scope for CIP requirements
Unit 8 CIP-005 Electronic Perimeters and Remote Access
This unit explains the requirements for Electronic Security Perimeters
Unit 9 CIP-006 Physical Security
This unit covers physical security requirements.
Unit 10 CIP-007 System Security
This unit discusses system security requirements, including patching, malware defense, and logging.
Unit 11 CIP-008 Incident Response
This unit cover incidents response requirements.
Unit 12 CIP-009 Recovery Plans
This unit discusses the requirements for recovery plans for BES Cyber Systems
Unit 13 CIP-010 Configuration Management, Vulnerability Assessments, and Transient Devices
This unit explains the requirements for configuration management, vulnerability assessments, and transient devices.
Unit 14 CIP-011 Information Protection
This unit covers information protection requirements.
Unit 15 The future
This unit will discuss current proposals for new standard development efforts, and forecast potential future requirements.
- Date:July 13, 2016
- Time:8:00 am
- Event:NERC CIP Vendor Workshop – Seattle