Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST, North American Electric Reliability Corporation Publish Guide for Bulk Electric System's Cybersecurity

A guide to help users both to the Bulk Electric Systems

In 2020, NIST and the North American Electric Reliability Corporation (NERC) mapped the NIST Cybersecurity Framework to NERC's Critical Infrastructure Protection (CIP) Standards for the Bulk Electric System. Recently, NIST and NERC jointly published the Benefits of an Updated Mapping between the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Standards. It provides the Bulk Electric System's stakeholders with guidance regarding how to apply this mapping. Specifically, it explains the mapping's three spreadsheets and their uses:

  • Mapping of NIST Cybersecurity Framework to NERC’s CIP Standards: Shows the NERC standards that map to each subcategory of the NIST Cybersecurity Framework.
  • Reverse Mapping of NERC’s CIP standards to NIST Cybersecurity Framework: Lists NIST Cybersecurity Framework subcategories that align with each NERC standard.
  • Pivot: Shows the same information as the reverse mapping but is configurable. Users can expand or minimize each NERC standard. They can also view information from the NIST Cybersecurity Framework – such as Function, Category, and Subcategory.

Equally important, the guidance notes that the spreadsheets provide informative resources for each subcategory, like industry standards, guidelines, practices, and more. These resources provide a good first step for users unsure of where to start in complying with cybersecurity requirements and the subsequent steps they can take to realize intended outcomes. Ultimately, an organization can use these resources to develop an action plan for cybersecurity

Released November 1, 2021, Updated May 24, 2022