Collaborate Disseminate
Are you an organization that operates a Bulk Power System (BPS) in the United States? If so, you understand the need to comply with the Critical Infrastructure Protection (CIP) standards. Developed by the North American Electric Reliability Corporation… Continue reading How Tripwire State Analyzer Can Help You to Comply with NERC CIP
via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic
Permalink
The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comic &#… Continue reading Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 339’
It’s often said that cybersecurity is hard. Anyone who has ever worked their way through the SANS Critical Controls, PCI-DSS or even something deceptively minimalist as the OWASP Top 10 knows that success in achieving these security initiatives require… Continue reading Achieving CIP Compliance, NERC-Style
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Standards are a cybersecurity compliance framework designed to protect utility organizations. Adhering to these guidelines is essential—falling short will… Continue reading 4 Steps for Assessing Your NERC CIP Compliance Program
In October, the Federal Energy Regulatory Commission (FERC) released its “2020 Staff Report Lessons Learned from Commission-Led CIP Reliability Audits.” The report summarizes the Commission’s observations from Critical Infrastructure Protection (CIP) a… Continue reading FERC Releases Staff Report on Lessons Learned from CIP Audits
Just a couple of weeks back I posted to The State of Security an article titled “Finally Some Good News: NERC Proposes Deferment of 3 CIP standards,” and, as suspected, the Federal Energy Regulatory Commission (FERC) approved the extension … Continue reading FERC Approves Deferment of 3 CIP standards
Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and proce… Continue reading CIP-003-7: Transient Cyber Assets and Removable Media in 2020
NERC CIP Standards Background and Basics The North American Electic Reliability Corporation (NERC) is an international regulatory organization that works to reduce risks to power grid infrastructure. They do this through the continual development of a … Continue reading What is NERC?
Detection of change is easy… There, I said it. Anyone can do it. One thousand monkeys with keyboards can pound out scripts to detect change. What is not so easy, what the monkeys can’t do, is reconcile change. Even worse, it’s usually… Continue reading Developing an Effective Change Management Program
As organizations grappled with NERC CIP version 5, Tripwire learned along the way. In this series, I’ll cover the aspect of CIP that has come up the most in the last year: how to meet the software monitoring requirements. Software Inventory as a … Continue reading Software Monitoring for NERC CIP Compliance: Part 1