Fluid Attacks Database

NERC CIP

Last updated: 2023/09/18

The North American Electric Reliability Corporation Reliability Standards are developed using an industry-driven, ANSI-accredited process that ensures the process is open to anyone who is directly and materially affected by the reliability of the North American bulk power system. The version used for this section is NERC CIP v5 Standards.

Control-Requirement Mapping

Definition	Requirements
003-8_3_1. Electronic access controls	176. Restrict system objects
003-8_3_2. Electronic access controls	264. Request authentication
003-8_5_1. Transient cyber asset and removable media malicious code risk mitigation	273. Define a fixed security suite 041. Scan files for malicious code
004-6_R5. Access revocation	114. Deny access with inactive credentials 034. Manage user accounts
005-5_R1_3. Electronic security perimeter	341. Use the principle of deny by default 096. Set user's required privileges
005-5_R1_4. Electronic security perimeter	264. Request authentication
005-5_R1_5. Electronic security perimeter	273. Define a fixed security suite
005-5_R2_2. Interactive remote access management	181. Transmit data using secure protocols
007-6_R1_1. Ports and services	250. Manage access points 255. Allow access only to the necessary ports
007-6_R3_1. Malicious code prevention	155. Application free of malicious code
007-6_R4_1. Security event monitoring	075. Record exceptional events in logs
007-6_R5_1. System access control	264. Request authentication
007-6_R5_4. System access control	142. Change system default credentials
007-6_R5_5. System access control	132. Passphrases with at least 4 words 133. Passwords with at least 20 characters
007-6_R5_6. System access control	130. Limit password lifespan
007-6_R5_7. System access control	237. Ascertain human interaction
011-2_R1_2. Information protection	181. Transmit data using secure protocols 185. Encrypt sensitive information
011-2_R2_1. BES cyber asset reuse and disposal	183. Delete sensitive data securely

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.