Bringing the Future into Focus

NERC – CIP Analysis

No enterprise is completely immune to cyber-attacks or breaches, but a proactive, all-encompassing strategy can eliminate many of these threats.

Today, many Electrical Utilities and Cooperatives do not have the layered security controls in place to defend against or identify an attack in a timely fashion.InfoSight’s CIP Gap Analysis addresses the “Required Entities” and requirements that fall under the NERC – CIP. This Gap Analysis identifies gaps in security systems and processes and assists organizations in attaining total NERC – CIP Compliance. Our information security assessors will work closely with your organization’s information assurance, management and technical teams to strengthen the overall compliance posture of the organization.

Our Gap Analysis can also be expanded to provide recommendations to adequately address risks with a “Remediation Roadmap”.

Download InfoSight’s Control Objective Outline to view the Control Objective our experts assess along with the most up to date NERC – CIP Requirements.

What is NERC-CIP?

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC – CIP) consists of 45 requirements and 9 standards that are designed to secure assets for operating in North America’s bulk electric system. If you are a Required Entity operating a Bulk Electric System (BES), you fall under CIP Compliance Requirements, meaning you must have an appropriate plan of action in place to ensure the security of all assets. BES Cyber Assets must be classified as High, Medium or Low Impact and meet all CIP Regulatory compliance and regulations. It is the responsibility of the Required Entity to safeguard BES Cyber Assets and prevent an attack that can do irreparable damage and lead to severe consequences, which are subject to penalties under federal law.

InfoSight Also Provides:

Why InfoSight?

  • 24x7x365 US-based SOC/NOC
  • SSAE18 SOC 2 Certified SOC/NOC
  • Complete MSSP Services that include Monitoring, Real-Time Threat Analysis, Mitigation/Remediation, Alerting, Reporting and Device Management
  • Flexible pricing models that can be 24x7, 8x5, of off-peak 7pm to 7am only coverage
  • MSP & MSSP Solutions for both IT & OT ICS environments
  • 21+ years Regulatory Compliance experience (GLBA, PCI, HIPAA, NERC, AWIA, etc.)
  • Certified Experts (CISSP, CISA, CEH, OSCP, AWS, AWWA, etc.)
  • Managed Services for On-premise Data center, Cloud and Hybrid environments
  • Offering comprehensive cybersecurity Awareness Training Solutions
  • Virtual ISO Programs that bridge the communication gap between IT and OT networks

Contact Us

Contact Infosight

InfoSight’s Control Objective Assessment (PDF)

CALL TO BOOK

305.828.1003