AUDIT & COMPLIANCE

NERC CIP Gap Assessment Pre-Audit

Essentials

Following the terrorist attacks of 2001 and the blackout of 2003, the North American Electric Reliability Corporation (NERC) published the Critical Infrastructure Protection (CIP) Standards to help energy companies protect against an outside attack on the nation’s energy grid via the Internet. Inside the CIP Standards are the nine Cyber Security Standards with which organizations now need to be completely compliant. All entities subject to CIP must, at the very minimum, self-attest annually. In addition, any subject entity responsible for CIP will at some point be formally audited by the appropriate regional entity, following that regional entity’s audit schedule.

A NERC-CIP Gap Assessment Pre-Audit identifies areas where an organization does not comply with NERC-CIP and outlines areas requiring remediation. The goal is to evaluate your company’s readiness to pass a formal on-site audit by your Regional Entity.

Benefits

  • Identification of non-compliant areas and understanding of what actions are needed to comply with NERC-CIP
  • Objective third-party demonstration of NERC-CIP compliance
  • Compliance with NERC-CIP
  • Avoidance of fines that could result from failing a NERC-CIP audit
  • Reduction of the cost, confusion, and complexity of NERC-CIP compliance

Expertise

SecureState’s Audit & Compliance consultants are experts in understanding both the technical and the business aspects of your organization. SecureState’s experience and knowledge, developed while working with some of the top energy companies in the country and the governing body, provide your organization with a true picture of your compliance with CIP. Additionally, we provide help from pre-audit of the Cyber Security standards to the validation of those controls.

Did You Know?

  • SecureState works with NERC, Regional Entities, and energy companies on NERC-CIP compliance
  • NERC compliance applies to all bulk power system owners, operators, and users
  • Most NERC CIP violations result from the poor implementation of technical security methods and processes for Critical Cyber Assets
  • Our experienced staff members can develop an enterprise-wide strategy and plan for achieving compliance
  • SecureState can assist you with implementing required operational changes
  • A remediation roadmap will provide you with detailed tasks and estimated timeframes for completing identified mitigation activities
  • A CIP Assessment should be performed annually

Our Approach and Methodology

SecureState’s approach to a NERC-CIP Gap Assessment maps out critical information processes and determines if regulatory controls have an impact on the business. The goals are to:

  • Efficiently execute your NERC-CIP compliance program
  • Interpret NERC-CIP controls and get answers for you quickly
  • Cost-justify remediation

The stages of our NERC-CIP Gap Assessment, with limited descriptions, are as follows:

Pre On-site Visit:

  • Introduce engagement participants and define roles
  • Review engagement activities
  • Review any applicable documentation

Process Mapping:

  • Document the high-level in-scope NERC-CIP systems and technical infrastructure

Requirements Analysis:

  • Document the existing controls used to protect in-scope NERC-CIP Assets
  • Identify gaps against the NERC-CIP (002-009) requirements

Reporting:

  • On-site interview and information gathering to assess NERC-CIP compliance status
  • Outline strategic recommendations to mitigate identified control gaps
  • Upload remediation activities to “MyState Portal”

What Makes Us Different

SecureState:

  • Provides comprehensive on-demand security expertise during the engagement and throughout the year
  • Maintains close relationships with our clients because we care about the outcome of the assessment
  • Supports its clients’ NERC-CIP programs with our proprietary “MyState Portal” and a team of qualified security specialists
  • Has worked with some of the top energy companies in the country with regard to NERC-CIP compliance
