Nerc Cip 5 Compliance–What You Need To Know

NERC CIP 5 Compliance—What you need to know

First and foremost you need to know that NERC CIP 5 Compliance is mandatory for all power grid operators, owners, generators and transmission entities. CIP-005 is titled “Cyber Security-Electronic Security Perimeter. The purpose of CIP-005 is to manage electronic access to cyber system by specifying a controlled perimeter and protecting assets within the perimeter against compromise, threats or attacks that could lead to dysfunction, outages or instability in the North American Bulk Power Grid.

Here’s what you need to know, to stay compliant in real-time, all-the-time.shutterstock_155657501

1. At present, NERC is requiring all entities to be compliant to Version 3 of CIP-005 (called CIP-005-3). Because of the dynamic changes and revisions to the Reliability Standards, NERC has skipped Version 4; and now entities need to prepare to be compliant to Version 5, called CIP-005-5. CIP-005-5 will become effective  no later than  July 1, 2015 or the first calendar day of the ninth calendar quarter after the effective date of the order providing applicable regulatory approval.

2. Compliance with CIP-005-5 is interrelated with the entire suite of CIP standards (CIP-002 to CIP-0111).


3. NERC CIP 005-5 includes requirements that govern the electronic security perimeter, all access points, user log-ins, electronic access controls, cyber vulnerability assessment, review and maintenance.

4 . NERC CIP 5 compliance is reliant upon your ability to prove your entity is following all the steps, standards and requirements detailed in CIP-005. NERC has created a set of documented processes that are a specific set of instructions that should lead to a specific outcome. NERC does not require your entity to create a specific corporate structure to address these documented processes; but rather to just address the applicable requirements and outcomes.  

5. The lack of guidance on implementation from NERC is both a blessing and a curse. It freeing to to be able to operate your entity as your business model dictates; but at the same time, difficult to navigate NERC CIP without guidance. The bottom line: as long as you can prove you are compliant with the NERC requirements; then you are considered compliant. The best way to provide proof of compliance is with the automated event capture and dashboard reporting provided by Portal Compliance from Versify Solutions.

Do you find yourself wanting more NERC CIP 5 Compliance information? Please contact Versify Solutions today, to discuss all your compliance related needs!