NERC CIP

[et_pb_section bb_built=”1″ admin_label=”section” custom_padding=”0px|0px|2px|0px” fullwidth=”on”][et_pb_fullwidth_header title=”NERC CIP: Critical Infrastructure Protection ” background_layout=”dark” text_orientation=”center” header_scroll_down=”on” scroll_down_icon=”%%3%%” button_one_url=”http://www.mdsny.com/contact/” background_url=”https://www.mdsny.com/wp-content/uploads/2017/05/light-bulbs-1125016_1920.jpg” background_color=”#2d3743″ background_overlay_color=”rgba(0,0,0,0.39)” title_font_size=”63px” content_font_size=”26px” subhead_font=”Droid Sans||||” subhead_font_size=”31px” background_image=”https://www.mdsny.com/wp-content/uploads/2017/05/light-bulbs-1125016_1920.jpg” /][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” custom_padding=”54px|0px|9px|0px”][et_pb_row admin_label=”row” custom_padding=”0px|0px|0px|0px” background_color=”#ffffff” background_position=”top_left” background_repeat=”repeat” background_size=”initial”][et_pb_column type=”1_2″][et_pb_text text_line_height=”1.5em” header_line_height=”1.2em” background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

NERC CIP is a set of regulations to protect the North America’s bulk electric system.

[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″][et_pb_text text_orientation=”center” text_font=”||||” text_font_size=”58px” background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

 How Do I Become NERC CIP Compliant?

[/et_pb_text][et_pb_button button_url=”http://www.mdsny.com/contact/” button_text=”Find Out Now” button_alignment=”center” custom_button=”on” button_text_size=”27px” button_text_color=”rgba(0,0,0,0.95)” button_border_width=”2px” button_border_color=”#0c000c” button_border_radius=”1px” button_text_color_hover=”#ffffff” button_bg_color_hover=”#3dacb6″ background_color=”#7EBEC5″ /][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” custom_padding=”10px|0px|13px|0px”][et_pb_row admin_label=”row” make_fullwidth=”on” custom_padding=”27px|0px|12px|0px” background_position=”top_left” background_repeat=”repeat” background_size=”initial”][et_pb_column type=”4_4″][et_pb_text text_font=”Droid Sans||||” text_font_size=”21px” text_text_color=”#2b2b2b” text_line_height=”1.8em” background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

The NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) plan is a set of requirements designed to secure the assets required for operating America’s bulk power systems.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” background_color=”#e6eaea” custom_padding=”40px|0px|0px|0px”][et_pb_row admin_label=”row” make_fullwidth=”on” custom_padding=”0px|0px|1px|0px” background_color=”#e6eaea” background_position=”top_left” background_repeat=”repeat” background_size=”initial”][et_pb_column type=”4_4″][et_pb_text text_font=”Droid Sans||||” text_font_size=”20px” text_text_color=”#2b2b2b” text_line_height=”1.5em” background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

What to know about the NERC CIP Compliance Regulations:

 

The NERC CIP Plan is a step of regulatory standards adopted in 2006 that specify the minimum requirements to support the reliability of the US electrical system in relation to:

  • security of electronic perimeters
  • protection of critical cyber assets
  • the personnel and training
  • security management
  • disastor recovery planning

All organizations who are involved risk significant fines and penalties for lack of compliance, ranging as high as $1 Million per day.

 

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” custom_padding=”0px|0px|54px|0px”][et_pb_row admin_label=”row” make_fullwidth=”on” parallax_method_1=”off” module_id=”#my-accordion” background_position=”top_left” background_repeat=”repeat” background_size=”initial”][et_pb_column type=”4_4″][et_pb_text text_font=”Droid Sans||||” text_font_size=”21px” text_text_color=”#2b2b2b” text_line_height=”1.4em” background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

What You Need to Do – and How MDS Can Help:

The Certified MDS Cyber Security team is trained to identify the most efficient way for utilities to meet the CIP IT security requirements that are required under this compliance. The NERC Standards CIP-002 through CIP-009 provide a comprehensive cyber security framework, and are broken down as follows:

[/et_pb_text][et_pb_toggle title=”Critical Cyber Asset Identification (CIP-002)” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

Create an inventory of your existing IT hardware and software, without any downtime. Create clear, concise documentation of critical cyber assets to facilitate compliance audits as well as day-to-day operations.

[/et_pb_toggle][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”on” parallax_method_1=”off” module_id=”#my-accordion” background_position=”top_left” background_repeat=”repeat” background_size=”initial”][et_pb_column type=”4_4″][et_pb_toggle title=”Security Management Controls (CIP-003)” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

Creation of concise, compliant technical IT security and governance policy documents based on workshop results, updated on an annual basis.

[/et_pb_toggle][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”on” parallax_method_1=”off” module_id=”#my-accordion” background_position=”top_left” background_repeat=”repeat” background_size=”initial”][et_pb_column type=”4_4″][et_pb_toggle title=”Personnel & Training (CIP-004)” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

All personnel who has authorized access to Critical Cyber Assets, including contractors and vendors, have an appropriate level of personnel risk assessment, training and security awareness. The Responsible Entity must establish, maintain and document a security awareness program to ensure said personnel receive ongoing training and awareness on a quarterly basis.

[/et_pb_toggle][et_pb_toggle title=”Electronic Security Perimenter(s) (CIP-005)” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

The required implementation of multiple Electronic Security Perimeters (ESPs).

[/et_pb_toggle][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”on” parallax_method_1=”off” module_id=”#my-accordion” background_position=”top_left” background_repeat=”repeat” background_size=”initial”][et_pb_column type=”4_4″][et_pb_toggle title=”Physical Security of Cyber Cricial Assets (CIP-006)” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

The Responsible Entity must create and maintain a physical security program to ensure the protection of Critical Cyber Security Assets, approved by a senior manager or delegated Third-Party. It is required that that the said plan includes:

  • A Physical Security Plan
  • Physical Access Controls
  • Monitoring Physical Access
  • Logging Physical Access
  • Access Log Retention
  • Maintenance & Testing

[/et_pb_toggle][et_pb_toggle title=”Systems Security Management (CIP-007)” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

Responsible Parties must define methods, processes, and procedures for securing Critical and Non-Critical Cyber Assets within the Electric Security Perimeter(s) and comply with the following standards:

  • Test Procedures
  • Ports and Services
  • Security Patch Management
  • Malicious Software Prevention
  • Account Management
  • Security Monitoring
  • Disposal or Redeployment
  • Cyber Vulnerability Assessment
  • Documentation Review and Maintanence

[/et_pb_toggle][et_pb_toggle title=”Incidient Reporting and Response Planning (CIP-008)” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

Ensures the identification, classification, response and reporting of Cyber Security Incidents. To do this, the responsible entity must develop and maintain both a Cyber Security Incident Response Plan and keep the relevenat Cyber Security Incident Documentation reportable for three calendar years.

[/et_pb_toggle][et_pb_toggle title=”Recovery Plans for Critical Cyber Assets (CIP-009)” open_toggle_background_color=”#e6eaea” open_toggle_text_color=”#2b2b2b” closed_toggle_background_color=”#2b2b2b” title_font=”Droid Sans|on|||” title_font_size=”20px” title_text_color=”#ffffff” body_font=”Droid Sans||||” body_font_size=”17px” body_text_color=”#2d3743″ background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

Regulation to ensure that recovery plan(s) are put in place for Critical Cyber Assets and that these plans are consistent with the standard disaster recovery techniques and practices. This compliance requires:

  • Recovery Plans
  • Exercises
  • Change Control
  • Regular Backups
  • Testing Backup Media

[/et_pb_toggle][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”section” background_color=”#e6eaea” custom_padding=”24px|0px|0px|0px” _builder_version=”3.0.63″][et_pb_row admin_label=”row” custom_padding=”15px|0px|28px|0px” background_position=”top_left” background_repeat=”repeat” background_size=”initial”][et_pb_column type=”4_4″][et_pb_cta title=”Which Regulations Matter to You? ” button_url=”http://www.mdsny.com/contact/” button_text=”Learn More” use_background_color=”off” background_layout=”light” header_font=”Droid Sans|on|||” header_font_size=”30px” body_font=”Droid Sans||||” body_font_size=”19px” background_position=”top_left” background_repeat=”repeat” background_size=”initial”]

The certified professionals at MDS will help you determine which regulations your organization needs to meet.

[/et_pb_cta][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section bb_built=”1″ admin_label=”Blurb” background_color=”#2d3743″ inner_shadow=”on” custom_padding=”40px|0px|0px|0px” make_fullwidth=”on” _builder_version=”3.0.63″ global_module=”118956″][et_pb_row admin_label=”row” global_parent=”118956″ make_fullwidth=”on” custom_padding=”0px|0px|17px|0px” background_color=”#2d3743″ background_position_1=”top_left” background_position_2=”top_left” background_position_3=”top_left” background_repeat_1=”no-repeat” background_repeat_2=”no-repeat” background_repeat_3=”no-repeat” _builder_version=”3.0.63″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” background_image=”https://www.mdsny.com/wp-content/uploads/2017/05/light-bulbs-1125016_1920.jpg”][et_pb_column type=”1_2″][et_pb_blurb global_parent=”118956″ background_layout=”dark” _builder_version=”3.0.63″ header_font=”Droid Sans||||” header_font_size=”26px” header_text_color=”#d1d1d1″ body_font=”Droid Sans||||” body_font_size=”16px” body_text_color=”#dfdfdf” background_size=”initial” background_position=”top_left” background_repeat=”repeat” inline_fonts=”Droid Sans”]

Our Pledge:

Building out and maintaining your IT ecosystem doesn’t have to be a do-it-yourself project. MDS can help identify network issues, configure devices, and optimize your infrastructure to maximize efficiency and performance. Our consultants are highly trained technology specialists that understand the complexities of multi-vendor environments and have the knowledge and skills to help your business become more agile, customer-focused and operationally efficient.

[/et_pb_blurb][/et_pb_column][et_pb_column type=”1_4″][et_pb_blurb global_parent=”118956″ background_layout=”dark” _builder_version=”3.0.63″ header_font_size=”26px” header_text_color=”#d1d1d1″ body_font=”Droid Sans||||” body_font_size=”16px” body_text_color=”#dbdbdb” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

Upcoming Events:

Ransomware is on the rise: let’s talk about how to stay safe over some wine!

[/et_pb_blurb][/et_pb_column][et_pb_column type=”1_4″][et_pb_blurb global_parent=”118956″ background_layout=”dark” _builder_version=”3.0.63″ header_font_size=”26px” header_text_color=”#d1d1d1″ body_font=”Droid Sans||||” body_font_size=”16px” body_text_color=”#dfdfdf” background_size=”initial” background_position=”top_left” background_repeat=”repeat”]

Contacts: |

NYC Headquarters:
307 West 38th Street, Suite 1801
New York, NY 10018
Tel: 646-744-1000

Miami Office:
Tel: 786-899-2980
San Juan Office: Tel: 646-460-6229

Email
: contactus@mdsny.com

[/et_pb_blurb][/et_pb_column][/et_pb_row][/et_pb_section]