NERC CIP | Compliance | Fluid Attacks Help

NERC CIP

logo

Summary

The North American Electric Reliability Corporation Reliability Standards are developed using an industry-driven, ANSI-accredited process that ensures the process is open to anyone who is directly and materially affected by the reliability of the North American bulk power system. The version used for this section is NERC CIP v5 Standards.

Definitions

Definition Requirements
003-8_3_1. Electronic access controls 176. Restrict system objects
003-8_3_2. Electronic access controls 264. Request authentication
003-8_5_1. Transient cyber asset and removable media malicious code risk mitigation 041. Scan files for malicious code
273. Define a fixed security suite
004-6_R5. Access revocation 034. Manage user accounts
114. Deny access with inactive credentials
005-5_R1_3. Electronic security perimeter 096. Set user's required privileges
341. Use the principle of deny by default
005-5_R1_4. Electronic security perimeter 264. Request authentication
005-5_R1_5. Electronic security perimeter 273. Define a fixed security suite
005-5_R2_2. Interactive remote access management 181. Transmit data using secure protocols
007-6_R1_1. Ports and services 250. Manage access points
255. Allow access only to the necessary ports
007-6_R3_1. Malicious code prevention 155. Application free of malicious code
007-6_R4_1. Security event monitoring 075. Record exceptional events in logs
007-6_R5_1. System access control 264. Request authentication
007-6_R5_4. System access control 142. Change system default credentials
007-6_R5_5. System access control 132. Passphrases with at least 4 words
133. Passwords with at least 20 characters
007-6_R5_6. System access control 130. Limit password lifespan
007-6_R5_7. System access control 237. Ascertain human interaction
011-2_R1_2. Information protection 181. Transmit data using secure protocols
185. Encrypt sensitive information
011-2_R2_1. BES cyber asset reuse and disposal 183. Delete sensitive data securely
Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.