In November 2013, the Federal Energy Regulatory Commission (FERC) approved Version 5 of the NERC CIP (Critical Infrastructure Protection) standards, which provides a significant change from Version 3 of the CIP standards and completely bypasses the implementation of the proposed Version 4. A Transition Program will be used during the implementation of Version 5, which will be fully enforced beginning on April 1, 2016. Additional information about the Transition Program is on the official NERC website.
Two CIP standards are new to Version 5: CIP-010 (Configuration Change Management and Vulnerability Assessments) and CIP-011 (Information Protection) are included in the latest revision. The new standards consolidate requirements that were previously included in other CIP standards, including CIP-003, CIP-005, and CIP-007. Each new standard also specifies that a “Responsible Entity” is required to document processes involved with the implantation of each of the standards’ requirements.
Do your security and compliance programs meet the new CIP Reliability Standards? Have you identified any gaps and if so, what potential solutions are available to meet the new and revised requirements? Download a copy of Tenable’s whitepaper, Continuous Compliance for Energy and Nuclear Facility Cyber Security Regulations, for more details about Version 5 of the NERC CIP Standards and how Tenable can help you make your organization more secure and compliant.