Skip to main content

NERC CIP

logo

Summary

The North American Electric Reliability Corporation Reliability Standards are developed using an industry-driven, ANSI-accredited process that ensures the process is open to anyone who is directly and materially affected by the reliability of the North American bulk power system. The version used for this section is NERC CIP v5 Standards.

Definitions

DefinitionRequirements
003-8_3_1. Electronic access controls
176. Restrict system objects
003-8_3_2. Electronic access controls
264. Request authentication
003-8_5_1. Transient cyber asset and removable media malicious code risk mitigation
041. Scan files for malicious code
273. Define a fixed security suite
004-6_R5. Access revocation
034. Manage user accounts
114. Deny access with inactive credentials
005-5_R1_3. Electronic security perimeter
096. Set user's required privileges
341. Use the principle of deny by default
005-5_R1_4. Electronic security perimeter
264. Request authentication
005-5_R1_5. Electronic security perimeter
273. Define a fixed security suite
005-5_R2_2. Interactive remote access management
181. Transmit data using secure protocols
007-6_R1_1. Ports and services
250. Manage access points
255. Allow access only to the necessary ports
007-6_R3_1. Malicious code prevention
155. Application free of malicious code
007-6_R4_1. Security event monitoring
075. Record exceptional events in logs
007-6_R5_1. System access control
264. Request authentication
007-6_R5_4. System access control
142. Change system default credentials
007-6_R5_5. System access control
132. Passphrases with at least 4 words
133. Passwords with at least 20 characters
007-6_R5_6. System access control
130. Limit password lifespan
007-6_R5_7. System access control
237. Ascertain human interaction
011-2_R1_2. Information protection
181. Transmit data using secure protocols
185. Encrypt sensitive information
011-2_R2_1. BES cyber asset reuse and disposal
183. Delete sensitive data securely
free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.

Last updated on