NERC CIP-003 mandates specific policies and procedures for handling removable media and transient cyber assets to bolster cybersecurity measures within the defined Electronic Security Perimeter

NERC CIP-003 includes requirements for establishing and maintaining an incident response plan to address and mitigate cybersecurity incidents that may occur within the defined Electronic Security Perimeter of critical cyber assets in the North American power grid infrastructure.

NERC CIP-003 primarily focuses on securing the electronic access points of Critical Cyber Assets within the defined Electronic Security Perimeter of the North American power grid infrastructure.

NERC CIP-003 includes a small physical security portion for low impact BES Cyber Systems, mandating the implementation of specified physical access controls to the defined Electronic Security Perimeter.

NERC CIP-003 includes requirements for establishing and maintaining a cyber security awareness program that aims to educate and train personnel about potential cyber threats and vulnerabilities, promoting a culture of cyber security within the organization.

NERC CIP-003 (Critical Infrastructure Protection) is a cybersecurity standard that focuses on securing the electronic security perimeters of critical assets in the North American power grid.

NERC CIP-003 addresses exception circumstances by allowing responsible entities within the North American electricity industry to document and justify deviations from the standard's requirements in specific situations where full compliance may not be immediately achievable, provided that they implement alternative compensating measures to ensure the security and reliability of critical cyber assets.

NERC CIP-003's transient cyber asset portion includes measures to identify and protect critical cyber assets that have a temporary or intermittent connection to the control system network, ensuring their security during the time they are connected and minimizing potential vulnerabilities that could be exploited within the North American electricity industry.

NERC CIP-003 establishes requirements for Electronic Security Perimeters (ESPs), which are defined network boundaries implemented to safeguard critical cyber assets within the bulk electric system by controlling and monitoring access to those assets.

NERC has levied a $10M cyber security violation fine. Could this happen to you?