If you are in the Energy sector, then you are well versed in the North American Electric Reliability Corporation Critical Infrastructure Protection Reliability Standards or better know as the NERC CIP Standards. Dated April 11, 2013, the recent NERC Transition Guidance announcement:
The Critical Infrastructure Protection (“CIP”) Version 3 Reliability Standards (“CIP Version 3”) are currently mandatory and enforceable for Responsible Entities. The Federal Energy Regulatory Commission (“FERC”) approved Version 4 of the CIP Reliability Standards (“CIP Version 4”)1 on April 19, 2012, in FERC Order No. 761.2 The North American Electric Reliability Corporation (“NERC”) filed the CIP Version 5 Reliability Standards (“CIP Version 5”) with FERC on January 31, 2013, which are pending FERC approval.In other words, get ready for CIP V5 – coming soon to a NOC near you.
In each of the CIP Versions 3 through 5, CIP-002 includes a requirement that an entity identify those assets that are subject to compliance with the remainder of the family of CIP Reliability Standards. CIP-002-3 requires an entity to have a risk-based assessment methodology (“RBAM”) to determine its Critical Assets. CIP-002-4 requires an entity to use a bright-line criteria methodology, asset forth in Attachment 1 of CIP-002-4,to define Critical Assets. CIP-002-5 requires an entity to use impact rating criteria in Attachment 1 of the standard to classify the level of impact of a BES Cyber System and to determine the corresponding compliance obligations.
The April 18, 2013, news release from the Federal Energy Regulatory Commission (FERC) states that the NERC proposal submitted on January 31, 2013 constitutes Version 5 of the CIP Standards.
CIP Standards Version 5 proposal includes 12 new requirements:
“New cyber security controls that address… Configuration Change Management and Vulnerability Assessments… applying CIP protections more comprehensively to better assure protection of the bulk electric system.”
Get ready for CIP V5. Drive improved audit readiness and regulatory compliance with automated process management, change tracking and reporting using an ITIL-based Change and Release solution. Add a CMDB featuring a central repository with dependency mapping and configuration auditing that allows energy organizations to easily manage all of their Cyber Security Assets.
Change and Configuration Management software can help simplify compliance and the management of your critical Cyber Assets by providing security enforcement, process documentation, workflow automation, and reporting capabilities for audit purposes.
Get prepared for NERC CIP V5 and drive improved compliance with an easy to use, fast to implement process management solution that features Change and Release Management and a CMDB central repository TODAY!
Flickr Image by vaxomatic