The CIP Standards

June 5, 2008
Here’s a brief look at the requirements of the Critical Infrastructure Protection (CIP) standards, taken from the January 2008 Federal Energy Regulatory Commission’s Order approving the standards.
The -1 designation indicates that these are version one of the standards.

CIP-002-1 – Cyber Security—Critical Cyber Asset Identification: Requires a responsible entity to identify its critical assets and critical cyber assets using a risk-based assessment methodology.

CIP-003-1 – Cyber Security—Security Management Controls: Requires a responsible entity to develop and implement security management controls to protect critical cyber assets identified pursuant to CIP-002-1.

CIP-004-1 – Cyber Security—Personnel & Training: Requires personnel with access to critical cyber assets to have identity verification and a criminal check. It also requires employee training.

CIP-005-1 – Cyber Security—Electronic Security Perimeters: Requires the identification and protection of an electronic security perimeter and access points. The electronic security perimeter is to encompass the critical cyber assets identified pursuant to the methodology required by CIP-002-1.

CIP-006-1 – Cyber Security—Physical Security of Critical Cyber Assets: Requires a responsible entity to create and maintain a physical security plan that ensures that all cyber assets within an electronic security perimeter are kept in an identified physical security perimeter.

CIP-007-1 – Cyber Security—Systems Security Management: Requires a responsible entity to define methods, processes and procedures for securing the systems identified as critical cyber assets, as well as the non-critical cyber assets within an electronic security perimeter.

CIP-008-1 – Cyber Security—Incident Reporting and Response Planning: Requires a responsible entity to identify, classify, respond to, and report cyber security incidents related to critical cyber assets.

CIP-009-1 – Cyber Security—Recovery Plans for Critical Cyber Assets: Requires the establishment of recovery plans for critical cyber assets using established business continuity and disaster recovery techniques and practices.

To view the accompanying article to this story, "Making Cyber Security Mandatory", visit www.automationworld.com/feature-4255
