On April 18th, 2013 FERC voted to skip NERC CIP version 4 and move straight to version 5 leaving asset owners unsure of what they should expect in upcoming CIP audits. What can asset owners can do right now to preare for CIP v4 and v5?
According to Dwayne Melancon, chief technology officer for Tripwire, there are three key steps asset owners can take today to begin preparing for NERC CIP 5 audits.
“Asset owners can be proactive with NERC CIP 5 requirements by looking at existing controls and reports and deciding what they have that will work and what will need additional automation,” Melancon said.
“It they approach the problem by looking at what they already deliver they will understand where they need to spend additional resources to be CIP 5 audit ready.”
Proactive steps to begin working toward v4 and v5 compliance:
- Map the security you already have into the CIPS creating a gap analysis
- Figure out which reports and controls you can generate in an easy, consistent way with your existing tools
- Use a database, a spreadsheet or report templates to pull together the reports you have into an audit ready report
Suggested Reading: NERC CIP: It Gets Worse Before it Gets Better
Upcoming Webcast: Passing NERC CIP Audits via Automation
- Date: June 11, 2013
- Time: 10:00 AM Pacific/1:00 Eastern
- Duration: One Hour
Image courtesy of ShutterStock