What is required by NERC CIP?
In many ways, NERC CIP assessments resemble those used in other industries: covered entities are required to identify critical assets and to perform a risk-based assessment of those assets on a regular basis (CIP-002-01). Policies for monitoring and changing the configuration of critical assets need to be defined, as do policies governing access to internally and externally facing critical assets (CIP-003-01). A logical perimeter needs to be established around critical cyber assets, using firewalls to block vulnerable ports and deploying attack-monitoring tools such as intrusion detection and prevention systems (CIP-005-01). In addition, organizations need to enforce controls on physical access to critical cyber assets (CIP-006-01). Systems for monitoring security events need to be deployed (CIP-007-01), and organizations must have comprehensive emergency response plans for cyberattacks (CIP-008-01) and for natural disasters and other unplanned events (CIP-009-01). Of course, the demands