The Lighthouse: CIP low impact from the ground up

By Lew Folkerth, Principal Reliability Consultant, External Affairs

In this series of articles, I’ll explore the NERC CIP Standards applicable to low impact Bulk Electric System Cyber Systems. These articles are my opinions only – consider them to be my advice to you. Most of this advice will reference the enforceable language of the Reliability Standards, and I’ll quote the applicable wording or provide links to the applicable documents. The enforceable language of the standards will always govern, and if you think my advice conflicts with this language, please let me know.

In the low-impact series, I will tell you what you must accomplish and what you should accomplish with your compliance program. But I cannot tell you how to be compliant. How you implement these standards is individual to each organization.

I’m going to assume you are new to the CIP Standards. I will begin with some foundational material before progressing to more advanced topics and  provide links that may be useful for your own reference library.

Part 1, Introduction to NERC and the Reliability Standards

Part 2, Initial compliance steps

Part 3, Overview of compliance steps

Part 4, Identifying your CIP Senior Manager (CIP-003 R3, R4)

Coming soon… 

Part 5, Quality Evidence

Part 6, Identifying BES assets containing low impact BCS

Part 7, Developing cyber security policies (low impact only)

Part 8, Developing your low impact cyber security plans

Part 9, Developing your security awareness plan

Part 10, Developing your physical security controls plan

Part 11, Developing your electronic access controls plan

Part 12, Developing your CSIRP plan and the CSIRP

Part 13, Developing your TCA and RM plan

Part 14, Developing your Control Center communications plan

Part 15, CIP-014-3 considerations for low impact

Part 16, Series wrap-up