Attaining and Sustaining NERC CIP Compliance

NERC CIP Compliance. Take Control!

WEBCAST

Are you protected from Stuxnet or the next generation of malware? Download our recorded webcast to learn more.

REPORT

Learn more about the latest developments with CIP Version 4

Honeywell has been working for over 10 years to help industrial organizations just like yours. We can accurately assess your organization’s requirements for compliance with current or future CIP versions. Our experience in NERC CIP compliance includes:

Over 10 years of maintaining and enhancing the security of SCADA and DCS systems
Over four years of NERC CIP consulting services — more than any other organization
Cyber security guidance for NERC members for five years
Our role as one of 12 voting members of the NERC Control Systems Security Working Group
Deploying a sustainable solution to ensure you both attain and maintain compliance

Find out what’s missing in your
NERC CIP Compliance program.

Regulatory Knowledge: we know and understand:
- NERC CIP Reliability Standards
- the application of security and procedural controls
- how to maintain and demonstrate NERC CIP compliance
Technical Knowledge: we know and understand:
- the latest cyber security technologies
- industrial software solutions — the basis for Compliance Manager
Industry Knowledge: since 1988, we have worked in process control industries, giving us:
- an unmatched understanding of SCADA and DCS environments
- an understanding of how your systems work and the challenges you face in securing them
Vendor-neutral Solutions: we work with any technology application:
- experience with over 60 types of control systems
- reseller agreements for a wide range of security technologies

Get your complete
NERC CIP Services and Solutions

Honeywell offers a complete range of services to assist you in attaining and maintaining NERC CIP security compliance, some of which are supported by Compliance Manager, a software solution designed to manage NERC CIP compliance.

NERC CIP Gap analysis
- identify the policies, procedures and technologies in place now
- understand what is needed in order to comply with NERC CIP
NERC CIP cyber vulnerability assessment
- annual cyber vulnerability assessments
NERC CIP Version 4
- broadening the scope of cyber assets subject to NERC CIP compliance
NERC CIP 002 - 009 Reliability Standards

NERC CIP 002-009 Reliability Standards - Version 3
NERC CIP-002: Critical Cyber Asset Identification	Facilitate Critical Asset (CA) identification Facilitate Critical Cyber Asset (CCA) identification Assessment of CIP Version 4 impact Maintain CCA lists, document annual reviews
NERC CIP-003: Security Management Controls	Cyber security policy review and development Procedures for handling security policy exceptions Information protection program review and development Change and configuration management programs Change management program workflow and documentation Configuration management program workflow and documentation
NERC CIP-004: Personnel and Training	Develop and maintain security awareness program Develop and/or implement role-based security training program Automate training tracking and documentation Automate Personnel Risk Assessment documentation and reminders Maintain and automatically update lists of access to CCAs Manually or automatically remove CCA access upon employee termination
NERC CIP-005: Electronic Security Perimeter(s)	Identify, document and minimize size of Electronic Security Perimeters (ESP) Processes and procedures for ESP access control Technologies for ESP access control, including Secure Administration Gateway Environment (SAGE) Implement SIEM or log management for monitoring and logging access Annual NERC CIP cyber vulnerability assessment of ESP access points Manage and update ESP documentation
NERC CIP-006: Physical Security	Develop and update physical security plan Design and implement access control and monitoring solutions Protect Cyber Assets for physical security permission (PSP) access (per CIP-006 R2) Manage documentation of physical access controls
NERC CIP-007: Systems Security Management	Design test environment and test procedures Identify open ports and services Disable unnecessary ports and services Patch management, malicious software and account management procedures and technologies Prepare and submit Technical Feasibility Exception (TFE) requests Implement SIEM or log management for monitoring and logging access Annual NERC CIP cyber vulnerability assessment of specific security controls on Cyber Assets in the ESP Patch Evaluation Subscription service Automate patch management workflow and automatically verify patch application Maintain CCA access lists and update manually or automatically Manually or automatically remove CCA access upon employee termination
NERC CIP-008: Incident Reporting and Response Planning	Implement or revise incident response plan Facilitate annual incident response plan tests Manage incident response plan documentation and workflow
NERC CIP-009: Recovery Plans for Critical Cyber Assets	Develop CCA recovery plans Test and update CCA recovery plans Manage recovery plan documentation and workflow

Pacesetter Industry News

Receive updates about new developments in your industry.

Rate

Rate This Page

How useful did you find this content?

Comments

Home > Industrial Security > NERC Compliance