NERC CIP within Cyber Integrity is provided by the PAS Compliance - NERC CIP asset model. This feature allows electric utilities to easily respond to and report their compliance with the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) guidelines.
NERC CIP is needed if you are an electric business, but it is not required for process industries. To use the NERC CIP feature, your license must support this model.
To implement the PAS Compliance - NERC CIP asset model:
-
Import the PAS Compliance - NERC CIP asset model. For more information, see Loading (Importing) Asset Models.
-
Create a Compliance - NERC CIP asset. For more information, see Adding, Modifying, and Deleting Assets (Data Owners).
-
Define your asset hierarchy. For more information, see Understanding and Defining Your Asset Hierarchy.
The following table shows the NERC CIP functions handled by Cyber Integrity.
Standard |
Requirement |
Functionality |
---|---|---|
CIP-002 |
R1 Inventory R2 Review Inventory |
|
CIP-003 |
R1 Cybersecurity Policy R4 MOC |
|
CIP-004 |
R4 Access Management |
|
CIP-005 |
R1 Access Control and Monitoring |
|
CIP-006 |
R5-R7 Physical Access |
|
CIP-007 |
R1 Ports and Services R2 Patching R3 Malicious Code Prevention R4-R5 Account Management |
|
CIP-008 |
R1 Incident Response Plan R3 Review and Update |
|
CIP-009 |
R1 Disaster Recovery Plan R2 Review and Update |
|
CIP-010 |
R1 Configuration Change Management R2 Configuration Monitoring R3 Vulnerability Assessment |
|