Cybersecurity poses a major challenge for organizations in the electricity sector. There are a variety of standards and resources that organizations are either required or encouraged to use in managing their unique cybersecurity-related risks. Of critical importance is the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards – a set of requirements designed to mitigate the risk of a compromise that could lead to misoperation or instability in the Bulk Electric System.
A NIST Cybersecurity White Paper, “Benefits of an Updated Mapping Between the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Standards,” describes a recent mapping initiative between the NERC CIP standards and the NIST Cybersecurity Framework. The paper explains how the mapping can help organizations mature and align their compliance and security programs and better manage risks. The mapping shows which Cybersecurity Framework Subcategories can help organizations achieve a more mature CIP requirement compliance program. In addition to addressing compliance maturity, the document provides additional resources on how to improve an organization’s security posture and potentially reduce its security and business risks.