CIP Compliance Gap Analysis

Our CIP GAP Analysis has been developed to address requirements applicable to “Required Entities” who fall under the NERC CIP (Critical Infrastructure Protection) Compliance Requirements. If you are a Required Entity operating a Bulk Electric System (BES), you fall under CIP Compliance Requirements. This means that all your BES Cyber Assets must be classified as High, Medium or Low Impact, and appropriate actions must be taken to ensure the security of these assets.

Additionally, cyber-attacks are on the rise and few Electric Cooperatives have the layered security controls in place to defend against or identify an attack in a timely fashion. It is the responsibility of the Required Entity to safeguard BES Cyber Assets, and an attack can do irreparable damage and lead to severe consequences, which are subject to penalties under federal law.

We strive to build long-term relationships with cooperatives, so we understand the cooperative and membership culture, and that is reflected in our pricing.

We can assist with:

  • Meeting CIP regulatory compliance requirements
  • Assessing your current cyber security posture
  • Managing, protecting & securing your BES Cyber Assets and Confidential Customer Data
  • Penetration Testing of your SCADA and Corporate networks
  • Building security & compliance reports in language your C-Suite and Board will understand

A Gap Analysis is designed to assist your organization in identifying gaps in security systems and processes. The Analysis is designed to prepare organizations in the process of attaining NERC CIP Compliance. Throughout the process, information security assessors will work closely with the company’s information assurance, management and technical teams in order to provide the clearest picture available of the overall compliance posture of the organization.

No enterprise is completely immune to cyber attack, but a proactive, all-encompassing strategy can eliminate many threats. At a time when one small exposure can devalue an organization's brand, getting security right is imperative.

InfoSight’s CIP Gap Analysis methodologies are based on this process:

InfoSight Assessors will conduct interviews, request documents and visit locations within scope where applicable.
InfoSight Assessors will perform a review of IT & Security systems and processes to identify gaps in NERC CIP compliance.
InfoSight Assessors will analyze all collected data and produce a GAP Analysis report.

InfoSight will assess your current state against the desired state of compliance with NERC CIP requirements. Additionally, our Gap Analysis can be expanded to provide recommendations to adequately address risks with a “Remediation Roadmap”.

Following the NERC CIP standards, InfoSight will assess the following control objectives:

Control Objectives NERC CIP Requirements
  • CIP-002-5.1a Cyber Security - BES Cyber System Categorization
  • CIP-003-6 Cyber Security - Security Management Controls
  • CIP-004-6 Cyber Security - Personnel & Training
  • CIP-005-5 Cyber Security - Electronic Security Perimeter(s)
  • CIP-006-6 Cyber Security - Physical Security of BES Cyber Systems
  • CIP-007-6 Cyber Security - System Security Management
  • CIP-008-5 Cyber Security - Incident Reporting and Response Planning
  • CIP-009-6 Cyber Security - Recovery Plans for BES Cyber Systems
  • CIP-010-2 Cyber Security - Configuration Change Management and Vulnerability Assessments
  • CIP-011-2 Cyber Security - Information Protection
  • CIP-014-2 Physical Security

We are not "IT Generalists", but "Advisory & Cyber Security Professionals" that understand Cybersecurity and Compliance from the field to the desktop.

Contact Us today to ensure you meet federal compliance guidelines, safeguard confidential client information and protect your assets.