Are You Compliant with NERC CIP Version 5?
In November 2013, the Federal Energy Regulatory Commission (FERC) approved Version 5 of the NERC CIP (Critical Infrastructure Protection) standards, which provides a significant change from Version 3 of the CIP standards and completely bypasses the implementation of the proposed Version 4. A Transition Program will be used during the implementation of Version 5, which will be fully enforced beginning on April 1, 2016. Additional information about the Transition Program is on the official NERC website.
Two CIP standards are new to Version 5: CIP-010 (Configuration Change Management and Vulnerability Assessments) and CIP-011 (Information Protection) are included in the latest revision. The new standards consolidate requirements that were previously included in other CIP standards, including CIP-003, CIP-005, and CIP-007. Each new standard also specifies that a “Responsible Entity” is required to document processes involved with the implantation of each of the standards’ requirements.
Do your security and compliance programs meet the new CIP Reliability Standards? Have you identified any gaps and if so, what potential solutions are available to meet the new and revised requirements? Download a copy of Tenable’s whitepaper, Continuous Compliance for Energy and Nuclear Facility Cyber Security Regulations, for more details about Version 5 of the NERC CIP Standards and how Tenable can help you make your organization more secure and compliant.
Related Articles
Tenable Cloud Security To Help Fed Agencies Tackle Cloud Challenges as It Nears FedRAMP Authorization
July 31, 2024As federal agencies adopt a cloud-first policy, they face unique challenges in securing cloud infrastructure. Learn how Tenable Cloud Security, which is now FedRAMP "In Process," can help.
Tenable Customer Update about CrowdStrike Incident
July 19, 2024Please read this important customer update about CrowdStrike's recent incident.
Tenable Announces Former Senior Administration Officials to Inaugural Public Sector Advisory Board
July 18, 2024Rob Joyce and Mark Weatherford will help Tenable shape federal cyber and AI policy
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
November 22, 2024Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against cyberattacks.
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps
November 21, 2024A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
November 21, 2024A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on.
- Announcements
- Energy Industry
- OT Security
- Standards