Five Key Questions for NERC CIP Compliance
A few months back we hosted a webinar (see the recorded version) on the importance of Change Control Management for NERC CIP 002-009 compliance. Our knowledgeable host, Jeff Sherwood, put together a presentation highlighting his insights from many years as a cyber security consultant, specifically in the energy industry. Jeff posed five really good questions to ask yourself about the security of your company.
- Who should have access to what?
- Who does have access to what?
- Who could have access to what?
- Who did have access to what?
- Can we sustain our primary mission if everything fails?
If you can answer all of these questions and have the data to back it up, you have good grasp on complying with the NERC CIP standards. If you cannot answer these questions, take a hard look at getting software
to automate change management.