Solution Sheets
Understanding, experience and technology for success

NERC CIP Compliance Management

Energy companies across the U.S., today, are faced with the pressure of complying with the NERC Critical Infrastructure Protection (CIP) 002-009 standards. As a result, these utilities are looking to implement a robust cyber security framework that identifies and protects their critical cyber assets, and supports reliable operations of the bulk electric systems. These standards affect everything a utility does, from generation and transmission to distribution and corporate operations, and lay down steps that utilities must follow while identifying and protecting critical cyber assets. Non-compliance may lead to heavy penalties. Organizations will be audited by June 30, 2009, and fines for non-compliance can reach as high as one million dollars per violation per day.

Most companies, however, do not have proper procedures in place to effectively meet the compliance regulations and requirements. The CIP standards require significant system and procedural hanges to the operational environment. Further, matching up security policies with NERC CIP regulatory requirements, compiling appropriate NERC CIP compliance documentation, and reporting on current compliance levels are labor- and capital-intensive tasks.