The North American Electric Reliability Corporation (NERC) developed the CIP standards that require the utilities to put a baseline set of security measures in place intended to protect the bulk power system. Currently, NERC-CIP is the only mandatory requirement that must be met by the electric utilities in the area of cybersecurity-related to operations, outside of customer data privacy.
NERC-CIP has the following nine sections:
- CIP-001 Sabotage reporting
- CIP-002 Critical Cyber-Asset Identification
- CIP-003 Security Management Controls
- CIP-004 Personnel and Training
- CIP-005 Electronic Security Perimeter
- CIP-006 Physical Security of Critical Cyber-Assets
- CIP-007 Systems Security and Management
- CIP-008 Incident Reporting and Response Planning
- CIP-009 Recovery Plans for Critical Cyber-Assets.