Understanding the NERC-CIP Regulations for Critical Infrastructure Organizations, 2018

Understanding the NERC-CIP Regulations for Critical Infrastructure Organizations, 2018

With Stricter Enforcement Protocols Set to go into Effect by 2019, Critical National Infrastructure Organizations are Rapidly Implementing Specific Security Measures to Achieve Full Compliance

RELEASE DATE
03-Oct-2018
REGION
North America
Research Code: 9AB0-00-5A-00-00
SKU: AE01311-NA-MR_22414

$1,500.00

Special Price $1,125.00 save 25 %

In stock
SKU
AE01311-NA-MR_22414

$1,500.00

$1,125.00 save 25 %

DownloadLink

Pay by invoice

ENQUIRE NOW

Description

The most significant threat is no longer threats to human lives or property from physical attacks—rather the threat lies in more covert warfare tactics, including cyber-attacks and attacks that can cripple, obstruct, or destroy operations within critical infrastructure facilities, such as utility companies, communications towers, ports, manufacturing facilities, or other critical services. In order to protect critical national infrastructure (CNI) entities from these more sophisticated attacks and ensure proper security postures, the North America Electric Reliability Corporation (NERC) has updated its Critical Infrastructure Protections (CIP) regulations to encourage CNI organizations to improve their security posture; protect their information and operational technology systems, networks, and physical assets; and plan for how to keep their networks and assets secure through a continually advancing technological environment. The NERC-CIP regulations provide specific guidance, requirements, and measures for CNI organizations to follow to protect their current assets, enforce proper security protocols and standards, plan for and respond to any security incidents accordingly, and ensure their assets remain protected from malicious actors.

Research Scope

This research service includes all of the NERC-CIP regulations as written by the NERC Organization, as well as the listed measurements and evidence required for critical infrastructure. Each CIP includes the specified requirements for each compliance category as well as types of documentation, evidence, and plans to show requirements have been met. This service also includes analyst insight into the specific tasks to be performed for each requirement and a clear listing of evidence types for CNI organizations to provide in order to show compliance. This service further details some of the key vendors offering compliance technology solutions, consulting expertise in NERC-CIP regulations, or both types of services for customers. This listing, however, is not exhaustive of all vendors in the market. Key information includes:

  • NERC-CIP listings for requirements 002-011, and CIP-014
  • Listing of CIP measurements to show compliance
  • History of the NERC Organization and the evolution of the requirements
  • Key changes to the NERC-CIP regulatory enforcement and raised security profiles for CNI organizations
  • Summary of requirement listings and key takeaways for CNI organizations
  • Listing of key vendors and specialization

Key Issues Addressed

  • What are the full regulatory requirements for NERC-CIP compliance?
  • What is the history behind the evolution of the NERC-CIP requirements?
  • What documentation, measurements, or evidence do critical infrastructure entities need to provide to show compliance?
  • Who are some of the key vendors who can help critical infrastructure customers reach full compliance?
  • What NERC-CIP requirements do these vendors’ solutions help customers to achieve?

Table of Contents

Key Findings

Definitions

The New Cyber Threat—Critical Infrastructure Sites

Critical Infrastructure Sites Already Targeted

Critical Infrastructure Sites Already Targeted (continued)

Standardizing the Regulatory Environment

Revised Standards to Meet Changing Technology Needs

Market Drivers

Drivers Explained

Market Restraints

Restraints Explained

Introduction to NERC-CIP Regulations

CIP-002: Classification of BES Systems

CIP-002: Classification of BES Systems (continued)

CIP-003: Security Management Controls

CIP-003: Security Management Controls (continued)

CIP-003: Security Management Controls (continued)

CIP-004.1: Personnel and Training

CIP-004.2: Personnel and Training

CIP-004.3: Personnel and Training

CIP-004, 4.1–4.2: Personnel and Training

CIP-004, 4.3–4.4: Personnel and Training

CIP-004, 5.1–5.3: Personnel and Training

CIP-004, 5.4–5.5: Personnel and Training

CIP-005, 1.1–1.5: Electronic Security Perimeters

CIP-005, 2.1–2.3: Electronic Security Perimeters

CIP-006, 1.1–1.3: Physical Security of BES Cyber Systems

CIP-006, 1.4–1.7: Physical Security of BES Cyber Systems

CIP-006, 1.8–1.10: Physical Security of BES Cyber Systems

CIP-006, 2.1–2.3: Physical Security of BES Cyber Systems

CIP-006, 3.1: Physical Security of BES Cyber Systems

CIP-007, 1.1–1.2: Cybersecurity Systems Management

CIP-007, 2.1–2.2: Cybersecurity Systems Management

CIP-007, 2.3–2.4: Cybersecurity Systems Management

CIP-007, 3.1–3.3: Cybersecurity Systems Management

CIP-007, 4.1–4.4: Cybersecurity Systems Management

CIP-007, 5.1–5.4: Cybersecurity Systems Management

CIP-007, 5.5–5.7: Cybersecurity Systems Management

CIP-008, 1.1–1.4: Cybersecurity Incident Reporting and Response Planning

CIP-008, 2.1–2.3: Cybersecurity Incident Reporting and Response Planning

CIP-008, 3.1–3.2: Cybersecurity Incident Reporting and Response Planning

CIP-009, 1.1–1.5: Recovery Plans for BES Cyber Systems

CIP-009, 2.1–2.3: Recovery Plans for BES Cyber Systems

CIP-009, 3.1–3.2: Recovery Plans for BES Cyber Systems

CIP-010, 1.1–1.2: Configuration Change Management and Vulnerability Assessments

CIP-010, 1.3–1.5: Configuration Change Management and Vulnerability Assessments

CIP-010, 2.1: Configuration Change Management and Vulnerability Assessments

CIP-010, 3.1–3.2: Configuration Change Management and Vulnerability Assessments

CIP-010, 3.3–3.4: Configuration Change Management and Vulnerability Assessments

CIP-010, 4.1: Configuration Change Management and Vulnerability Assessments

CIP-011, 1.1–1.2: Cybersecurity Information Protection

CIP-011, 2.1–2.2: Cybersecurity Information Protection

CIP-014, 1.1–1.2: Physical Security

CIP-014, 2.1–2.4: Physical Security

CIP-014, 3.1: Physical Security

CIP-014, 5.1–5.4: Physical Security

CIP-014, 6.1–6.4: Physical Security

Vendor Landscape per Regulation

Solution Providers or Consultancies

Growth Opportunity 1—Consultancy Services

Growth Opportunity 2—Industrial-Specific Cyber Solutions

Growth Opportunity 3—Ongoing Security Convergence

Growth Opportunity 4—Partner Networks for Full Compliance

Strategic Imperatives for Success and Growth

The Last Word—3 Big Predictions

Legal Disclaimer

List of Exhibits

The Frost & Sullivan Story

Value Proposition—Future of Your Company & Career

Global Perspective

Industry Convergence

360º Research Perspective

Implementation Excellence

Our Blue Ocean Strategy

Related Research
The most significant threat is no longer threats to human lives or property from physical attacks—rather the threat lies in more covert warfare tactics, including cyber-attacks and attacks that can cripple, obstruct, or destroy operations within critical infrastructure facilities, such as utility companies, communications towers, ports, manufacturing facilities, or other critical services. In order to protect critical national infrastructure (CNI) entities from these more sophisticated attacks and ensure proper security postures, the North America Electric Reliability Corporation (NERC) has updated its Critical Infrastructure Protections (CIP) regulations to encourage CNI organizations to improve their security posture; protect their information and operational technology systems, networks, and physical assets; and plan for how to keep their networks and assets secure through a continually advancing technological environment. The NERC-CIP regulations provide specific guidance, requirements, and measures for CNI organizations to follow to protect their current assets, enforce proper security protocols and standards, plan for and respond to any security incidents accordingly, and ensure their assets remain protected from malicious actors.--BEGIN PROMO--

Research Scope

This research service includes all of the NERC-CIP regulations as written by the NERC Organization, as well as the listed measurements and evidence required for critical infrastructure. Each CIP includes the specified requirements for each compliance category as well as types of documentation, evidence, and plans to show requirements have been met. This service also includes analyst insight into the specific tasks to be performed for each requirement and a clear listing of evidence types for CNI organizations to provide in order to show compliance. This service further details some of the key vendors offering compliance technology solutions, consulting expertise in NERC-CIP reg

More Information
No Index No
Podcast No
Author Danielle VanZandt
Industries Aerospace, Defence and Security
WIP Number 9AB0-00-5A-00-00
Is Prebook No
GPS Codes 9000-A1,9831-A1,9AC9-A3