NERC Critical Infrastructure Protection

Overview
The North American Electric Reliability Corporation (NERC) developed the CIP standards that require the utilities to put a baseline set of security measures in place intended to protect the bulk power system. Currently, NERC-CIP is the only mandatory requirement that must be met by the electric utilities in the area of cybersecurity-related to operations, outside of customer data privacy.

NERC-CIP has the following nine sections:


 * CIP-001 Sabotage reporting
 * CIP-002 Critical Cyber-Asset Identification
 * CIP-003 Security Management Controls
 * CIP-004 Personnel and Training
 * CIP-005 Electronic Security Perimeter
 * CIP-006 Physical Security of Critical Cyber-Assets
 * CIP-007 Systems Security and Management
 * CIP-008 Incident Reporting and Response Planning
 * CIP-009 Recovery Plans for Critical Cyber-Assets.