Strengthen NERC CIP Compliance with Dragos Technology & Services
Leverage Dragos OT cybersecurity technology and expert services to comply with NERC CIP reliability standards for US electric utilities.
What is NERC CIP?
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards are a set of requirements designed to protect critical infrastructure vital to the reliable operation of North America’s Bulk Electric System (BES) from cyber and physical security threats.
Why Choose Dragos for NERC CIP Compliance?
Implementing NERC CIP requirements can be challenging because of their complexity and rigorous compliance requirements across diverse operational environments.
The Dragos Platform enhances the cybersecurity posture in these critical environments through comprehensive asset and network visibility, threat detection, vulnerability management, and investigation and response.
The Dragos Platform integrates intelligence from our adversary threat hunters and service engagement findings.
Content updates are published weekly & provide the most comprehensive detections, up-to-date vulnerability guidance, and supporting operational technology (OT) cyber threat intelligence from Dragos’s WorldView research.
The Dragos Services team offers expertise to help evaluate and mature OT security practices, and the Dragos
Threat Intelligence team delivers contextual awareness on new threats and vulnerabilities, empowering organizations to make informed decisions about their security posture.
Mapping Dragos Technology & Services to NERC CIP Requirements
Learn how the Dragos Platform can be utilized in a NERC CIP program, and how the Dragos Services
team can help fulfill requirements.
| Topic | Standard | Use Case |
|---|---|---|
| BES Cyber System Categorization | CIP-002 | Platform: The Dragos Platform employs passive monitoring techniques to observe and identify devices connected to the network. Services: Architecture Reviews assist in understanding the most critical systems, essential network infrastructure, and the potential consequences of a cyberattack. |
| Security Management Controls | CIP-003 S | Services: Cybersecurity Program Maturity Reviews, such as Cybersecurity Capability Maturity Model (C2M2), evaluate an organization’s current cybersecurity posture, capabilities, and practices. |
| Personnel & Training | CIP-004 | Community Resources: To satisfy requirements that individuals with access to critical assets are properly trained, Dragos supports NERC CIP customers with the following focused on OT cybersecurity for their personnel:
|
| Electronic Security Perimeter(s) | CIP-005 | Platform:
|
| Systems Security Management | CIP-007 | Platform:
|
| Incident Reporting and Response Planning | CIP-008 | Platform: Overall, the Dragos Platform enhances incident reporting and response planning by providing robust detection capabilities, centralized management, automated response workflows, forensic analysis tools, collaboration features, and support for continuous improvement. Services:
|
| Recovery Plans for BES Cyber Systems | CIP-009 | Services:
|
| Configuration Change Management and Vulnerability Assessments | CIP-010 | Platform:
Services: Network Vulnerability Assessments assess the current landscape’s risk and evaluate the effectiveness of existing technical security controls, proposing enhancements for the future. |
| Communications between Control Centers | CIP-012 | Platform: The Dragos Platform can quickly identify unencrypted communication protocols in use if the responsible entity is utilizing encryption between control centers |
| Internal Network Security Monitoring | CIP-015 | Platform:
|
Download the NERC CIP Mapping Guide
Discover how the Dragos Platform and Services support compliance to NERC CIP reliability standards for critical industrial infrastructure.
Download NowCyber threats don’t wait
Wherever you are in your cybersecurity journey we’re here to help you take the next step in auditing and adhering to industry compliance requirements.