NERC CIP Compliance

Compliance with NERC CIP Reliability Standards requires electric utilities to adopt precise procedures and to verify their implementation. NP-View and NP-Live can help save time and resources assessing and managing compliance with the primary parts of CIP-002 and CIP-005.

Network connectivity through NP-view software network segmentation maps

A key objective of NERC CIP is to protect assets whose loss or mis-operation could cause an impact on the bulk electric system (BES). Those assets are called BES Cyber Systems (BCS) and should always reside within an Electronic Security Perimeter (ESP). The ESP is defined by NERC as “The logical border surrounding a network to which BES Cyber Systems are connected using a routable protocol”. By parsing configuration files from firewalls and routers related to the ESP, NP-View and NP-Live can automatically generate the topology of the network and then verify network connectivity to ensure compliance with CIP requirements.

NP-View and NP-Live can collect and present information to verify compliance with the following 4 requirements:

  • CIP-005 R1.1: All applicable Cyber Assets connected to a network via a routable protocol shall reside within a defined ESP
  • CIP-005 R1.2: All External Routable Connectivity must be through an identified Electronic Access Point (EAP)
  • CIP-005 R1.3: Require inbound and outbound access permissions, including the reason for granting access, and deny all other access by default

CIP-005 R2.1: Utilize an Intermediate System such that the Cyber Asset initiating Interactive Remote Access does not directly access an applicable Cyber Asset

NP-View Software Screenshot of Visual Map of the Network PNG File
Risk assessment results of access control lists and rules for use in audit compliance

Successfully managing compliance means gaining a clear understanding of requirements and building a workflow that enables a team to coordinate while reviewing evidence and preparing reports. Used efficiently, technology can bring automation to this workflow in order to save time and minimize the risk of human error. It is especially important in the context of CIP-005 since mis-identifying an asset or missing an access rule can lead to serious consequences. Sign up on the Portal or contact us to learn more the capabilities of NP-View and NP-Live to generate NERC CIP compliance report.

Learn How to Successfully Manage your NERC Compliance

Download our step-by-step guide that covers building a workflow for 4 important CIP-005 requirements.

Download the white paper

Get Started Today with a Free Demo Account

Create Your Login