NERC-CIP and its related components
Components Related to NERC-CIP Access Control Compliance
NERC-CIP compliance rests on four continuing objectives: reliability, assurance, a risk-based approach, and continued learning. These objectives are pursued through multiple standards, each with its own set of requirements, issued by NERC.
Each standard covers the requirements for one domain of security and reliability in electric operations. For instance, CIP-006-1 covers physical security. Let's expand on this further.
Under this standard, physical access to critical assets must be governed by a documented physical security policy and granted on a need-to-know basis. Access must be tied to an identified individual and managed so that every entry can be traced back to that person, and the critical assets themselves must be physically protected.
How to Achieve NERC-CIP Physical Security Compliance?
To achieve NERC-CIP physical security compliance, you must fulfill all six main requirements of CIP-006-1 together with their sub-requirements, and take corrective measures against any noncompliance that persists in your company. Once the controls, procedures, and documentation are in place, compliance is demonstrated to your Regional Entity through its audit process rather than obtained as a certificate.
What Processes and Procedures Need to Be in Place?
- A complete physical security plan covering critical assets, access points, and the procedure for granting access
- Documented physical access controls using one or more of these methods: special locks, card keys, security personnel, or other authenticating devices
- A documented physical access monitoring process, such as alarm systems or monitoring of access points by human guards
- A logging system for physical access, manual as well as electronic
- An access log retention policy
- A complete testing and maintenance policy for physical security equipment
What Companies Are Required to Have NERC-CIP Compliance?
Entities that own or operate the bulk electric system, commonly referred to as the bulk power system (BPS), which delivers electric power to large populations, are required to adhere strictly to NERC-CIP. They are also subject to regular compliance audits.
Quick Checklist for NERC-CIP Physical Security Compliance
- Procedural controls restricting physical access
- Need-to-know based physical access authorization
- Unescorted physical access procedure
- Physical access monitoring procedure
- Alarm system and response policy for unauthorized access attempts
- Access logging policy, with the logs reviewed as a check on the access controls
- Log retention policy covering at least the past 90 days
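Two of the items above, the access logging policy and the 90-day retention policy (which the earlier process list also calls for), can be checked mechanically against a badge-reader export. The script below is an added example, not part of the original article or of any NERC document: it assumes a hypothetical whitespace-separated export format (timestamp, door, badge ID, result), a constructed authorized-for-unescorted-access list, and constructed log lines. It flags granted entries by badges that are not on the authorized list (a need-to-know violation), lists denied attempts as candidate alarm events, and verifies that the retained log reaches back at least 90 days.

```python
from datetime import datetime, timedelta

# Constructed badge-reader export (not real data). Hypothetical format:
# <ISO timestamp> <door> <badge ID> <GRANTED|DENIED>
BADGE_LOG = """\
2024-01-02T08:01:13 PSP-DOOR-1 B1001 GRANTED
2024-01-02T08:04:55 PSP-DOOR-1 B1002 GRANTED
2024-01-02T09:17:02 PSP-DOOR-2 B9999 GRANTED
2024-01-02T22:40:31 PSP-DOOR-1 B1003 DENIED
2024-03-28T07:58:40 PSP-DOOR-2 B1001 GRANTED
2024-04-03T08:00:09 PSP-DOOR-1 B1002 GRANTED
"""

# Constructed need-to-know list: badge IDs approved for unescorted access.
AUTHORIZED_UNESCORTED = {"B1001": "operator A", "B1002": "operator B"}

# Minimum retention window from the checklist above.
RETENTION_DAYS = 90


def parse_log(text):
    """Parse the export into a list of event dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, door, badge, result = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "door": door,
            "badge": badge,
            "result": result,
        })
    return events


def find_unauthorized_entries(events, authorized):
    """Granted entries whose badge is not on the unescorted-access list.

    Each one is either an escort failure or an access-list error and needs
    a documented explanation during review.
    """
    return [e for e in events
            if e["result"] == "GRANTED" and e["badge"] not in authorized]


def find_denied_attempts(events):
    """Denied badge reads: the events an alarm/response policy should cover."""
    return [e for e in events if e["result"] == "DENIED"]


def check_retention(events, as_of, retention_days=RETENTION_DAYS):
    """Return (ok, oldest_timestamp).

    ok is True when the oldest retained event is at least retention_days
    before as_of. This only proves the retained file spans the window; a
    site with no early activity would need the retention setting itself
    inspected as well.
    """
    oldest = min(e["ts"] for e in events)
    ok = (as_of - oldest) >= timedelta(days=retention_days)
    return ok, oldest


if __name__ == "__main__":
    evs = parse_log(BADGE_LOG)
    for e in find_unauthorized_entries(evs, AUTHORIZED_UNESCORTED):
        print("UNAUTHORIZED GRANT:", e["ts"], e["door"], e["badge"])
    for e in find_denied_attempts(evs):
        print("DENIED ATTEMPT:    ", e["ts"], e["door"], e["badge"])
    ok, oldest = check_retention(evs, datetime(2024, 4, 5))
    print("retention window covered:", ok, "(oldest entry", oldest, ")")
```

Run against a real export, the three functions give an auditor the three artifacts the checklist asks for: the list of entries that lack a matching authorization, the denied attempts that should appear in the alarm or guard log, and evidence that the log depth meets the retention policy.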