FERC Orders Directing NERC CIP Standard Development

Federal Energy Regulatory Commission orders directing NERC to develop and modify Critical Infrastructure Protection reliability standards for the Bulk Electric System. Key orders include Order 706 (mandatory CIP standards), Orders 829/850 (supply chain risk management including EACMS/PACS), Order 881 (internal network security monitoring), Order 887 (virtualization and cloud), Order 888 (low-impact BES enhancements), Order 2222 (DER cybersecurity), and Order 893 (incentive-based rate treatment). Together they represent the regulatory policy layer driving NERC CIP standard evolution.

AC Access Control

| Control | Name | FERC CIP Orders References |
|---|---|---|
| AC-01 | Access Control Policies and Procedures | Order 888 |
| AC-02 | Account Management | Order 850 |
| AC-04 | Information Flow Enforcement | Order 887, Order 2222 |

AT Awareness and Training

| Control | Name | FERC CIP Orders References |
|---|---|---|
| AT-01 | Security Awareness And Training Policy And Procedures | Order 888 |
| AT-02 | Security Awareness | Order 888 |

AU Audit and Accountability

| Control | Name | FERC CIP Orders References |
|---|---|---|
| AU-06 | Audit Monitoring, Analysis, And Reporting | Order 881 |

CA Security Assessment and Authorization

| Control | Name | FERC CIP Orders References |
|---|---|---|
| CA-07 | Continuous Monitoring | Order 881, Order 893 |

CM Configuration Management

| Control | Name | FERC CIP Orders References |
|---|---|---|
| CM-02 | Baseline Configuration | Order 887 |
| CM-07 | Least Functionality | Order 887 |
| CM-14 | Signed Components | Order 829 |

IA Identification and Authentication

| Control | Name | FERC CIP Orders References |
|---|---|---|
| IA-02 | User Identification And Authentication | Order 850 |
| IA-03 | Device Identification And Authentication | Order 2222 |
| IA-09 | Service Identification and Authentication | Order 2222 |

IR Incident Response

| Control | Name | FERC CIP Orders References |
|---|---|---|
| IR-01 | Incident Response Policy And Procedures | Order 888 |
| IR-04 | Incident Handling | Order 881, Order 888 |

PE Physical and Environmental Protection

| Control | Name | FERC CIP Orders References |
|---|---|---|
| PE-01 | Physical And Environmental Protection Policy And Procedures | Order 888 |
| PE-03 | Physical Access Control | Order 850, Order 888 |

PL Planning

| Control | Name | FERC CIP Orders References |
|---|---|---|
| PL-01 | Security Planning Policy And Procedures | Order 706 |
| PL-02 | System Security Plan | Order 706 |

PM Program Management

| Control | Name | FERC CIP Orders References |
|---|---|---|
| PM-01 | Information Security Program Plan | Order 706, Order 893 |
| PM-02 | Information Security Program Leadership Role | Order 706 |
| PM-09 | Risk Management Strategy | Order 706, Order 893 |
| PM-11 | Mission and Business Process Definition | Order 2222 |
| PM-14 | Testing, Training, and Monitoring | Order 893 |

SA System and Services Acquisition

| Control | Name | FERC CIP Orders References |
|---|---|---|
| SA-04 | Acquisitions | Order 829 |
| SA-09 | External Information System Services | Order 829 |
| SA-22 | Unsupported System Components | Order 829 |

SC System and Communications Protection

| Control | Name | FERC CIP Orders References |
|---|---|---|
| SC-02 | Application Partitioning | Order 887 |
| SC-07 | Boundary Protection | Order 881, Order 887, Order 2222 |
| SC-08 | Transmission Integrity | Order 2222 |
| SC-39 | Process Isolation | Order 887 |
| SC-48 | Sensor Relocation | Order 881 |

SI System and Information Integrity

| Control | Name | FERC CIP Orders References |
|---|---|---|
| SI-04 | Information System Monitoring Tools And Techniques | Order 881 |

SR Supply Chain Risk Management

| Control | Name | FERC CIP Orders References |
|---|---|---|
| SR-01 | Policy and Procedures | Order 829, Order 850 |
| SR-02 | Supply Chain Risk Management Plan | Order 829, Order 850 |
| SR-03 | Supply Chain Controls and Processes | Order 829, Order 850 |
| SR-05 | Acquisition Strategies, Tools, and Methods | Order 829 |
| SR-06 | Supplier Assessments and Reviews | Order 829, Order 850 |
| SR-11 | Component Authenticity | Order 850 |