Follow Us:

Critical Infrastructure Protection


The North American Electric Reliability Corporation (NERC) publishes Reliability Standards for the Bulk Electric Systems of North America. One section of this standard addresses Critical Infrastructure Protection (CIP). CIP is broken into nine distinct standards as follows:

  • Sabotage Reporting
  • Cyber Security – Critical Cyber Asset Identification
  • Cyber Security – Security Management Controls
  • Cyber Security – Personnel & Training
  • Cyber Security – Electronic Security Perimeter
  • Cyber Security – Physical Security of Critical Cyber Assets
  • Cyber Security – Systems Security Management
  • Cyber Security – Incident Reporting and Response Planning
  • Cyber Security – Recovery Plans for Critical Cyber Assets


In order to achieve and remain compliant with CIP, entities must execute a number of regular tasks, including:

  • Annual Cyber Vulnerability Assessments
  • Annual Approvals
  • Regular Testing/Exercising of Controls (e.g., physical, data recovery, incident response)



  • Energy
  • Entity Types Defined in the Standards
    • Reliability Coordinator
    • Balancing Authority
    • Interchange Authority
    • Transmission Service Provider
    • Transmission Owner
    • Transmission Operator
    • Generator Owner
    • Generator Operator
    • Load Serving Entity
    • Regional Entity

How secure is your organization?

Speak with an information security expert to find out.

All Areas of Compliance