The North American Electric Reliability Corporation (NERC) maintains comprehensive reliability standards that define requirements for planning and operating the bulk electric system (BES). Among these are the Critical Infrastructure Protection (CIP) Cyber Security Standards, which specify a minimum set of controls and processes for power generation and transmission companies to...

The Health Insurance Portability and Accountability Act (HIPAA) was enacted to safeguard Protected Health Information (PHI) by mandating procedures and controls to assure the public that critical and private information is controlled from loss of confidentiality, integrity or availability. With few exceptions, an organization is subject to HIPAA if it exchanges data related to...

North American electric utility companies constantly balance the need to be audit-ready for NERC CIP compliance against their top priority: ensuring the reliability of the bulk electric system. NERC CIP compliance, especially when approached using manual methods, is complex, time-consuming, and prone to human error. Further, NERC CIP requirements often infer security skill...