“Regulatory compliance is considered one of the primary business risks for
industries such as the energy utilities. The National Energy Regulatory
Commission (NERC) can fine a company up to $1 million a day for
non-compliance,” said Rick Doten, vice president of cyber security for DMI.
http://smart-grid.tmcnet.com/channels/nerc-compliance/articles/287417-importance-developing-nerc-compliance-procedures.htm
Tuesday, April 24, 2012
Friday, April 20, 2012
Corporate Risk Solutions’ NERC CIP Compliance Guide Addresses Version 4
The recent announcement of the Federal Energy
Regulatory Commission (FERC) approving the final rule that updates certain
reliability standards (www.ferc.gov/.../Files/20120419105338-summaries.pdf) may have some utilities shaken up. This
final rule approves the Version 4 CIP Reliability Standards submitted by the
North American Electric Reliability Corp (NERC), and involves a change in the
way Critical Assets are identified. These NERC CIP Reliability Standards
provide a framework to identify and protect Critical Cyber Assets in
association with Critical Assets that support the Bulk-Power System.
While those involved with NERC Compliance may be worried about what this means for
previous versions of the Standards, Corporate Risk Solutions, Inc. (CRSI) has a
solution to help lessen the blow. CRSI has produced an extensive, holistic NERC
CIP Compliance Guide that includes guidance for Version 4 as approved by the
NERC Board of Trustees.
CRSI’s NERC CIP Compliance Guide
includes narration of each of the NERC CIP Requirements and supporting
information to assist with comprehension and compliance. Not only does the Guide
provide detailed information as to what documentation is needed per Requirement
and Sub-Requirement and detail the additional evidence that must be provided
during an audit to achieve compliance, but it also provides best practice
recommendations and problem areas to avoid.
So far, CRSI has sold 160 Guides to utilities
across all eight NERC Regions. Clients have been providing CRSI with great
feedback about the functionality and features of the Compliance Guide. The
Compliance Guide is designed for all members of the company. Those who will
benefit most from the Guide are Subject Matter Experts, members of the internal
Compliance Team, Senior Executives, Management, and employees dealing directly with
NERC CIP on a daily basis. The Guide is designed as a reference source for all
NERC CIP compliance questions.
For future versions of the Guide, a
significant discount will be offered only to those who have previously
purchased the first edition. It is intended that in future versions (Version 5),
the Guide will be offered in a web format so it can operate within an Intranet
platform, with a subscription service from CRSI that will keep the Guide current
and provide enhancements to the Guide and supporting templates. Significant discounts will
also be offered for the web format only to those who have previously purchased
the first edition. It is anticipated that the information contained in this
Guide will be valid and applicable for a minimum of 18-24 months.
For information on how to order, request a
sample, or get in contact with a fellow user of the NERC CIP Compliance Guide,
contact Travis Emerson at temerson@corprisk.net
or call 913-322-5404. Visit www.corprisk.net/services/nerc-cip-compliance-guide
to find out how CRSI’s clients have found value in the Compliance Guide.
CRSI is a wholly-owned subsidiary security consulting firm of Corporate
Enterprise Security, Inc. CRSI specializes
in NERC operational and CIP Compliance (693 and 706), as well as cyber and
physical security solutions to the energy and government sectors. CRSI has
provided consulting services to more than 100 electric utilities across all
eight (8) NERC regions and is also under contract by NERC Regional Entities for
Audit Support. For more information, contact: Trisha Breckenridge, Marketing
Associate, 913-422-0410. Email: info@corpenterprisesec.com.
Thursday, April 19, 2012
FERC Approves Version 4
FERC approves final rule that updates certain reliability standards
E-6, Version 4 Critical Infrastructure Protection Reliability Standards, Docket No. RM11-11-000. This final rule approves the Version 4 CIP Reliability Standards submitted by the North American Electric Reliability Corp (NERC) and retires the currently-effective Version 3 CIP Reliability Standards. The CIP Reliability Standards provide a cyber-security framework for the identification and protection of “Critical Cyber Assets” associated with “Critical Assets” that support the reliable operation of the Bulk-Power System. The main difference between Version 3 and Version 4 is found in CIP-002-4 and involves a change in the way “Critical Assets” are identified. Specifically, Version 4 includes uniform “bright line” criteria for the identification of “Critical Assets,” which replace the “risk-based assessment methodology” developed and applied by individual responsible entities under Version 3. The final rule does not include any new substantive directives, but it does provide NERC with guidance regarding achieving full compliance with the directives contained in Order No. 706. The final rule also imposes a deadline of March 31, 2013 by which time NERC must submit the next version of the CIP Reliability Standards and further requires NERC to provide quarterly status reports on its CIP development efforts.
For your information, here is the item from FERC’s meeting summary: http://www.ferc.gov/EventCalendar/Files/20120419105338-summaries.pdf