Understanding the NERC-CIP Regulations for Critical Infrastructure Organizations, 2018

With Stricter Enforcement Protocols Set to go into Effect by 2019, Critical National Infrastructure Organizations are Rapidly Implementing Specific Security Measures to Achieve Full Compliance

USD 1,500.00

* Required Fields

USD 1,500.00

PAY BY INVOICE

Be the first to review this product

The most significant threat is no longer threats to human lives or property from physical attacks—rather the threat lies in more covert warfare tactics, including cyber-attacks and attacks that can cripple, obstruct, or destroy operations within critical infrastructure facilities, such as utility companies, communications towers, ports, manufacturing facilities, or other critical services. In order to protect critical national infrastructure (CNI) entities from these more sophisticated attacks and ensure proper security postures, the North America Electric Reliability Corporation (NERC) has updated its Critical Infrastructure Protections (CIP) regulations to encourage CNI organizations to improve their securi

Research Scope

This research service includes all of the NERC-CIP regulations as written by the NERC Organization, as well as the listed measurements and evidence required for critical infrastructure. Each CIP includes the specified requirements for each compliance category as well as types of documentation, evidence, and plans to show requirements have been met. This service also includes analyst insight into the specific tasks to be performed for each requirement and a clear listing of evidence types for CNI organizations to provide in order to show compliance. This service further details some of the key vendors offering compliance technology solutions, consulting expertise in NERC-CIP regulations, or both types of services for customers. This listing, however, is not exhaustive of all vendors in the market. Key information includes:

  • NERC-CIP listings for requirements 002-011, and CIP-014
  • Listing of CIP measurements to show compliance
  • History of the NERC Organization and the evolution of the requirements
  • Key changes to the NERC-CIP regulatory enforcement and raised security profiles for CNI organizations
  • Summary of requirement listings and key takeaways for CNI organizations
  • Listing of key vendors and specialization

Key Issues Addressed

  • What are the full regulatory requirements for NERC-CIP compliance?
  • What is the history behind the evolution of the NERC-CIP requirements?
  • What documentation, measurements, or evidence do critical infrastructure entities need to provide to show compliance?
  • Who are some of the key vendors who can help critical infrastructure customers reach full compliance?
  • What NERC-CIP requirements do these vendors’ solutions help customers to achieve?

Table of Contents

Understanding the NERC-CIP Regulations for Critical Infrastructure Organizations, 2018Executive SummaryKey FindingsDefinitionsDefinitionsEvolution of NERC-CIP RequirementsThe New Cyber Threat—Critical Infrastructure SitesCritical Infrastructure Sites Already TargetedCritical Infrastructure Sites Already Targeted (continued) Standardizing the Regulatory EnvironmentRevised Standards to Meet Changing Technology NeedsDrivers and RestraintsMarket DriversDrivers ExplainedMarket RestraintsRestraints ExplainedRegulatory BreakdownIntroduction to NERC-CIP Regulations CIP-002: Classification of BES SystemsCIP-002: Classification of BES Systems (continued)CIP-003: Security Management ControlsCIP-003: Security Management Controls (continued)CIP-003: Security Management Controls (continued)CIP-004.1: Personnel and TrainingCIP-004.2: Personnel and TrainingCIP-004.3: Personnel and TrainingCIP-004, 4.1–4.2: Personnel and TrainingCIP-004, 4.3–4.4: Personnel and TrainingCIP-004, 5.1–5.3: Personnel and TrainingCIP-004, 5.4–5.5: Personnel and TrainingCIP-005, 1.1–1.5: Electronic Security PerimetersCIP-005, 2.1–2.3: Electronic Security PerimetersCIP-006, 1.1–1.3: Physical Security of BES Cyber SystemsCIP-006, 1.4–1.7: Physical Security of BES Cyber SystemsCIP-006, 1.8–1.10: Physical Security of BES Cyber SystemsCIP-006, 2.1–2.3: Physical Security of BES Cyber SystemsCIP-006, 3.1: Physical Security of BES Cyber SystemsCIP-007, 1.1–1.2: Cybersecurity Systems ManagementCIP-007, 2.1–2.2: Cybersecurity Systems ManagementCIP-007, 2.3–2.4: Cybersecurity Systems ManagementCIP-007, 3.1–3.3: Cybersecurity Systems ManagementCIP-007, 4.1–4.4: Cybersecurity Systems ManagementCIP-007, 5.1–5.4: Cybersecurity Systems ManagementCIP-007, 5.5–5.7: Cybersecurity Systems ManagementCIP-008, 1.1–1.4: Cybersecurity Incident Reporting and Response PlanningCIP-008, 2.1–2.3: Cybersecurity Incident Reporting and Response PlanningCIP-008, 3.1–3.2: Cybersecurity Incident Reporting and Response PlanningCIP-009, 1.1–1.5: Recovery Plans for BES Cyber SystemsCIP-009, 2.1–2.3: Recovery Plans for BES Cyber SystemsCIP-009, 3.1–3.2: Recovery Plans for BES Cyber SystemsCIP-010, 1.1–1.2: Configuration Change Management and Vulnerability AssessmentsCIP-010, 1.3–1.5: Configuration Change Management and Vulnerability AssessmentsCIP-010, 2.1: Configuration Change Management and Vulnerability AssessmentsCIP-010, 3.1–3.2: Configuration Change Management and Vulnerability AssessmentsCIP-010, 3.3–3.4: Configuration Change Management and Vulnerability AssessmentsCIP-010, 4.1: Configuration Change Management and Vulnerability AssessmentsCIP-011, 1.1–1.2: Cybersecurity Information ProtectionCIP-011, 2.1–2.2: Cybersecurity Information ProtectionCIP-014, 1.1–1.2: Physical SecurityCIP-014, 2.1–2.4: Physical SecurityCIP-014, 3.1: Physical SecurityCIP-014, 5.1–5.4: Physical SecurityCIP-014, 6.1–6.4: Physical SecurityKey VendorsVendor Landscape per RegulationSolution Providers or ConsultanciesGrowth OpportunitiesGrowth Opportunity 1—Consultancy ServicesGrowth Opportunity 2—Industrial-Specific Cyber SolutionsGrowth Opportunity 3—Ongoing Security ConvergenceGrowth Opportunity 4—Partner Networks for Full ComplianceStrategic Imperatives for Success and Growth The Last WordThe Last Word—3 Big PredictionsLegal DisclaimerAppendixList of ExhibitsThe Frost & Sullivan StoryThe Frost & Sullivan StoryValue Proposition—Future of Your Company & CareerGlobal PerspectiveIndustry Convergence360º Research PerspectiveImplementation ExcellenceOur Blue Ocean Strategy




Related Research

Release Date : 17-Oct-18

Region : North America

Release Date : 06-Sep-16

Region : Asia Pacific

Why Frost & Sullivan

Working with the CEO’s growth team to create a vision based on a transformation growth strategy

Creating content-based digital marketing strategies that leverage our research perspective to differentiate and “tell your story”

Tracking over 1000 emerging technologies and analyzing the impact by industry and application to reveal the companies to watch in each sector

The Frost & Sullivan team is based in our 45 global offices and have developed a powerful global understandings of how industries operate on a global level.