NERC CIP

Summary

The North American Electric Reliability Corporation Reliability Standards are developed using an industry-driven, ANSI-accredited process that ensures the process is open to anyone who is directly and materially affected by the reliability of the North American bulk power system. The version used for this section is NERC CIP v5 Standards.

Definitions

Definition	Requirements
NERCCIP-003-8_3_1. Electronic access controls	176. Restrict system objects
NERCCIP-003-8_3_2. Electronic access controls	264. Request authentication
NERCCIP-003-8_5_1. Transient cyber asset and removable media malicious code risk mitigation	273. Define a fixed security suite 041. Scan files for malicious code
NERCCIP-004-6_R5. Access revocation	114. Deny access with inactive credentials 034. Manage user accounts
NERCCIP-005-5_R1_3. Electronic security perimeter	341. Use the principle of deny by default 096. Set user's required privileges
NERCCIP-005-5_R1_4. Electronic security perimeter	264. Request authentication
NERCCIP-005-5_R1_5. Electronic security perimeter	273. Define a fixed security suite
NERCCIP-005-5_R2_2. Interactive remote access management	181. Transmit data using secure protocols
NERCCIP-007-6_R1_1. Ports and services	250. Manage access points 255. Allow access only to the necessary ports
NERCCIP-007-6_R3_1. Malicious code prevention	155. Application free of malicious code
NERCCIP-007-6_R4_1. Security event monitoring	075. Record exceptional events in logs
NERCCIP-007-6_R5_1. System access control	264. Request authentication
NERCCIP-007-6_R5_4. System access control	142. Change system default credentials
NERCCIP-007-6_R5_5. System access control	132. Passphrases with at least 4 words 133. Passwords with at least 20 characters
NERCCIP-007-6_R5_6. System access control	130. Limit password lifespan
NERCCIP-007-6_R5_7. System access control	237. Ascertain human interaction
NERCCIP-011-2_R1_2. Information protection	181. Transmit data using secure protocols 185. Encrypt sensitive information
NERCCIP-011-2_R2_1. BES cyber asset reuse and disposal	183. Delete sensitive data securely

Last updated

2023/09/18