The North American Electric Reliability Council
(NERC) first issued Cyber Security Standards to safeguard North American
electrical systems in 2003. The standards require utilities responsible
for delivering bulk electricity to the North American electrical grid
to identify and protect critical cyber assets. The Federal Energy Regulatory
Commission oversees the power industry, and has delegated responsibility
for maintaining and complying with standards to NERC.
NERC has drafted a suite of Cyber Security
Standards titled CIP 002-009 to update the 2003 standards. Companies
should use current drafts to perform risk assessments and identify compliance
deficiencies.
Contact Us
Select any of the services below for more information.
To design a more comprehensive compliance solution for your business,
contact VeriSign at 650-426-5310 or enterprise_security@verisign.com.
Requirements
NERC has drafted a suite of Cyber Security
Standards titled CIP 002-009 to update the 2003 standards. The analysis
below is based on draft 3. These VeriSign products and services can
help address the drafted CIP 002-009 standards.
Key Controls |
Applies To |
How VeriSign Helps |
Requires "risk-based"
assessments and annual cyber vulnerability assessment. |
Critical cyber assets |
Enterprise
Consulting Assessments |
Requires 90-day access logs,
generated 24/7/365 and reviewed manually every two months. Requires
records of reviews. |
Authorized and unauthorized access to the security
perimeter |
Log
Management Service |
Annual cyber vulnerability assessment
requires scanning. Requires controls to ensure up-to-date patches. |
Critical cyber assets |
Vulnerability
Management Service |
Requires 24/7/365 monitoring
for unauthorized access. |
Electronic perimeter |
|
Requires a firewall |
Electronic perimeter |
Firewall
Management Service |
Requires strong authentication
(to augment user name and passwords). Mentions one-time passwords as
an option. |
Remote access to power systems |
|
Learn More
NERC |
North American Electric Reliability
Council Web site |
FERC |
Federal Energy Regulatory Commission Web site |
Compliance
Solutions Overview Guide |
An overall strategy for compliance with multiple
regulations and requirements |
Worldwide Sites
