Assessing and Reducing Risk - NERC Security Working Group
- Oct 20, 2021 8:54 pm GMT
The following reference documents were published this year (6/8/2021) after over a year of vetting and collaborative effort by industry volunteers from the RSTC, Security Working Group (SWG), and representatives from NERC and NIST. They include NERC CIP alignments with various frameworks, including NIST-CSF and SP800-53 Rev.4, CIS CSC, COBIT, ISA, and ISO. The spreadsheet is meant to be a "Security and Compliance" self-assessment and maturity tool for CIP Requirement Owners within Responsible Entity organizations. One of the goals in developing this tool and the framework alignments was to help address questions that members of the group have heard from practitioners who were looking for more detail on the how and why of technical controls.
The documents and instructions are located on NERC's web site: https://www.nerc.com/comm/Pages/Reliability-and-Security-Guidelines.aspx under 'Technical Reference Documents / Approved Technical Reference Documents'
This reference document is comprised of instructions and a risk assessment tool that can help organizations determine their current security and compliance posture. The tool is a Microsoft Excel-based spreadsheet that maps requirements of the CIP Reliability Standards to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (hereafter referred to as “the framework”). It can help a responsible entity identify gaps in their current environment and develop an improvement plan for addressing them.
The instructions and tool were the result of a collaborative effort by industry volunteers from the RSTC, Security Working Group (SWG), and representatives from NERC and NIST. The deliverables associated with the reference document underwent a pilot study with SWG members; their recommendations were incorporated into the final version.
A 'NERC Security Working Group (SWG) Cybersecurity Framework (CSF) Self-Assessment Tool Survey' was also completed (seen in part in the attached image).