
NERC CIP

Summary

The North American Electric Reliability Corporation Reliability Standards are developed using an industry-driven, ANSI-accredited process that is open to anyone who is directly and materially affected by the reliability of the North American bulk power system. This section uses the NERC CIP v5 Standards.

Definitions

| Definition | Requirements |
| --- | --- |
| 003-8_3_1. Electronic access controls | 176. Restrict system objects |
| 003-8_3_2. Electronic access controls | 264. Request authentication |
| 003-8_5_1. Transient cyber asset and removable media malicious code risk mitigation | 041. Scan files for malicious code |
| | 273. Define a fixed security suite |
| 004-6_R5. Access revocation | 034. Manage user accounts |
| | 114. Deny access with inactive credentials |
| 005-5_R1_3. Electronic security perimeter | 096. Set user's required privileges |
| | 341. Use the principle of deny by default |
| 005-5_R1_4. Electronic security perimeter | 264. Request authentication |
| 005-5_R1_5. Electronic security perimeter | 273. Define a fixed security suite |
| 005-5_R2_2. Interactive remote access management | 181. Transmit data using secure protocols |
| 007-6_R1_1. Ports and services | 250. Manage access points |
| | 255. Allow access only to the necessary ports |
| 007-6_R3_1. Malicious code prevention | 155. Application free of malicious code |
| 007-6_R4_1. Security event monitoring | 075. Record exceptional events in logs |
| 007-6_R5_1. System access control | 264. Request authentication |
| 007-6_R5_4. System access control | 142. Change system default credentials |
| 007-6_R5_5. System access control | 132. Passphrases with at least 4 words |
| | 133. Passwords with at least 20 characters |
| 007-6_R5_6. System access control | 130. Limit password lifespan |
| 007-6_R5_7. System access control | 237. Ascertain human interaction |
| 011-2_R1_2. Information protection | 181. Transmit data using secure protocols |
| | 185. Encrypt sensitive information |
| 011-2_R2_1. BES cyber asset reuse and disposal | 183. Delete sensitive data securely |