NERC CIP Compliance

Network & Security Technologies (N&ST) provides NERC CIP compliance consulting services specializing in electric utility industry critical infrastructure protection. N&ST has unparalleled experience assisting Responsible Entities who seek to assess, build, or maintain their NERC CIP compliance programs. The following services can either stand alone or be combined to provide a comprehensive compliance service offering.

NERC CIP Program Development

A CIP Program is the backbone to your entire CIP security and compliance program. Your program guides your teams to do the right thing when it comes to security and compliance tasks and actions. Working with your team, N&ST’s Security Consultants will help develop, update, or renew your NERC CIP Program through research of your existing processes, interviews with staff, and assessments of your documents and data. Our team will provide your organization a lasting and effective plan for managing your compliance efforts, including preparing you to perform proper ongoing program maintenance.

NERC CIP Gap Analysis

With the ever-changing NERC CIP landscape, a periodic review of your NERC CIP policies and procedures will strengthen your program of compliance and associated security risk mitigation. N&ST began conducting NERC CIP Gap Analyses and Assessments in the early phases of the cyber protection program initiatives and has continued following the migration and expansion of the CIP Standards up through the current versions. Our regular attendance at Standard Drafting Team (SDT) meetings has also kept us apprised of the latest potential Standard changes and better suits us to perform their projections for your Gap Analysis.

NERC CIP RSAW Development

Your RSAW document tells your compliance story to the auditors through your own words and supporting evidence. You want it to be the best. N&ST’s Security Consultants will assist you to research and assemble the right information for your story to provide a foundation to help demonstrate substantial compliance during your NERC Audit.

NERC CIP Audit Preparation

Audits are intimidating. Preparing for an audit is a daunting task. One area that is often overlooked is Subject Matter Expert preparation. The spotlight is on those team members. Nerves and related reactions can result in a poor audit outcome. N&ST’s Security Consultants will work with your Subject Matter Experts (SMEs) to help prepare them for the audit and allay those fears.

NERC CIP Mock Audit

Your RSAWs are complete, SMEs are ready, yet the audit process of evidence gathering and interview sessions is approaching. A Mock Audit will clarify the advance effort needed to prepare for and testify during an audit. N&ST’s Security Consultants will help your teams by providing a simulated NERC CIP Audit environment and may include interviews and inspections at selected facilities. Our trained NERC CIP compliance auditors will help you understand what to expect from the auditors, including what to do and what not to do during the audit.

NERC CIP Remediation Services

Even if your remediation efforts are due to program changes, gap analysis results, audit findings, or you simply want to improve your security posture, N&ST’s Security Consultants have the expertise and experience necessary to assist and guide you through the planning and execution phases of your remediation projects.

NERC CIP Vulnerability Assessment

Vulnerability Assessments prove that your program is effective in both security measures and compliance. Whether you need an Active or Passive Vulnerability Assessment, N&ST’s Security Consultants will help you to comply with the requirements using a time-proven methodology.

NERC CIP Supply Chain Management

One of the newest NERC CIP standards, CIP-013 will have a major impact on the electric utility industry. We are actively working to understand the impact of current and future requirements. N&ST’s Security Consultants are able to apply that knowledge to assess your program and develop your Supply Chain Cyber Security Risk Management Plan.