NERC Critical Infrastructure Protection Standards
Mandatory reliability standards for the Bulk Electric System (BES) in North America. The 14 CIP standards (CIP-002 through CIP-015) cover BES Cyber System categorization, security management controls, personnel and training, electronic security perimeters, physical security, system security management, incident reporting, recovery plans, configuration and vulnerability management, information protection, control center communications, supply chain risk management, transmission station physical security, and internal network security monitoring (INSM). Compliance is mandatory and enforced by NERC, with violations subject to penalties.
Clauses: 14
Avg Coverage: 78.1%
Publisher: North American Electric Reliability Corporation (NERC)
Version: v5-7 (2024)

| Clause | Title | SP 800-53 Controls |
|---|---|---|
| CIP-002-7 | BES Cyber System Categorization | |
| CIP-003-9 | Security Management Controls | |
| CIP-004-7 | Personnel & Training | |
| CIP-005-7 | Electronic Security Perimeter | |
| CIP-006-6 | Physical Security of BES Cyber Systems | |
| CIP-007-6 | System Security Management | |
| CIP-008-6 | Incident Reporting and Response Planning | |
| CIP-009-6 | Recovery Plans for BES Cyber Systems | |
| CIP-010-4 | Configuration Change Management and Vulnerability Assessments | |
| CIP-011-3 | Information Protection | |
| CIP-012-1 | Communications between Control Centers | |
| CIP-013-2 | Supply Chain Risk Management | |
| CIP-014-3 | Physical Security | |
| CIP-015-1 | Internal Network Security Monitoring (INSM) | |