Date Published: September 29, 2021
Author(s)
Jeffrey Marron (NIST), Avi Gopstein (NIST), Daniel Bogle (NERC)
This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework. Mappings of these two frameworks have been performed in the past; this effort updated the mapping to reflect the currently enforceable NERC CIP Standards and the NIST Cybersecurity Framework v1.1. This white paper helps organizations understand how they can use the mapping to achieve a more mature CIP requirement compliance program while improving their security posture and potentially reducing the organization's security and business risk.
This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework. Mappings of these two frameworks have been performed in the past; this effort updated the...
See full abstract
This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework. Mappings of these two frameworks have been performed in the past; this effort updated the mapping to reflect the currently enforceable NERC CIP Standards and the NIST Cybersecurity Framework v1.1. This white paper helps organizations understand how they can use the mapping to achieve a more mature CIP requirement compliance program while improving their security posture and potentially reducing the organization's security and business risk.
Hide full abstract
Keywords
Bulk Electric System (BES); Critical Infrastructure Protection (CIP); Cybersecurity Capability Maturity Model (C2M2); North American Electric Reliability Corporation (NERC); National Institute of Standards and Technology (NIST); Online Informative References (OLIR); Reliability and Security Technical Committee; Security Working Group (SWG)
Control Families
None selected