NERC Critical Infrastructure Protection Training (NERC CIP)

Commitment 5 Days, 7-8 hours a day.
Language English
User Ratings Average User Rating 4.8 See what learners said
Delivery Options Instructor-Led Onsite, Online, and Classroom Live


The NERC CIP set of standards was developed by the North American Electric Reliability Corporation (NERC) to ensure the protection of any assets used to operate North America’s Bulk Electric System (BES). Any entity that owns or operates any type of BES in the United States, Canada, and Mexico must be compliant with NERC CIP requirements.

This NERC CIP Training – NERC Critical Infrastructure Protection Training (NERC CIP) workshop provides a thorough review and analysis of NERC CIP standards currently subject to enforcement, as well as the ones that are subject to future enforcement. It discusses the history and background of NERC CIP, the process of development and implementation of new standards, the role of the Federal Energy Regulatory Commission (FERC) and Regional Entities, the reasons behind common compliance violations, and best practices for building effective compliance programs.


Upon completing this NERC CIP Training workshop course, learners will be able to meet these objectives:

  • Thoroughly understand the purpose and specific requirements of current and upcoming NERC CIP standards
  • Implement best practices for building an effective NERC CIP compliance program
  • Evaluate the impact of emerging trends on BES Cyber Systems
  • Describe the identification and documentation requirements of the Critical Cyber Assets associated with the Critical Assets
  • Describe roles and responsibilities for minimum security management controls to protect Critical Cyber Assets
  • Discuss requirements for identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets
  • Describe the implementation of physical security programs for the protection of Critical Cyber Assets
  • Define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets
  • Ensure the identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Ensure that recovery plans are put in place for Critical Cyber Assets and that these plans with established business continuity and disaster recovery techniques and practices
  • We can adapt this NERC CIP or NERC Critical Infrastructure Protection workshop course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this NERC CIP – NERC Critical Infrastructure Protection Training (NERC CIP) workshop course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the NERC CIP Training – NERC Critical Infrastructure Protection (NERC CIP) workshop around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the NERC CIP Training – NERC Critical Infrastructure Protection Training (NERC CIP) workshop course in a manner understandable to lay audiences.

The target audience for this NERC CIP Training workshop course:

  • Bulk Electrical System (BES) asset owners and operators
  • Operations and support personnel
  • Compliance managers, coordinators and analysts
  • Professionals responsible for Critical Infrastructure Protection
  • Anyone who wants to learn more about the NERC CIP standards

There are no formal prerequisites for this course.

  • N/A


  • Introduction to NERC, FERC, and NERC CIP
  • A short history of NERC CIP
  • What does it mean to comply with NERC CIP?
    • Audit considerations
    • The NERC standards development process
    • Interpretation questions
    • How a NERC CIP program works
    • Fines are going up!
  • What are the currently-enforceable CIP standards? What is coming soon?
  • CIP-002: Sets scope for NERC CIP
  • CIP-003: Security awareness, security training, security policies, and low-impact requirements
    • The new version of CIP-003 coming 1/1/20, including electronic access control for low-impact assets
  • CIP-004: Personnel
  • CIP-005: Firewalls, electronic security perimeters, interactive remote access
  • CIP-006: Physical security of BES Cyber-Systems
  • CIP-007: Systems security management
  • CIP-008: Incident response plans
  • CIP-009: Backup and recovery plans
  • CIP-010: Configuration management, security vulnerability assessments, laptops, and USB sticks
  • CIP-011: Information protection, device disposal or reuse
  • CIP-012: Protection of communications between control centers (coming 2021 or 2022?)
  • CIP-013: Supply chain security (in force 7/1/20)
  • CIP-014: Physical protection of key substations
    • Current standards drafting initiatives
    • Incorporating virtualization into the existing standards
    • BES Cyber System information in the cloud
    • Version 2 of CIP-013
  • The biggest issue in NERC CIP today: Why can’t we put BES Cyber Systems in the cloud?
    • Not a very happy story at this point
    • However, it will inevitably happen
  • What’s the longer-term direction for NERC CIP?
    • Risk-based standards
    • “Real-time” standards development
    • Will CIP be taken away from NERC and FERC?
NERC Critical Infrastructure Protection Training (NERC CIP)NERC Critical Infrastructure Protection Training (NERC CIP) Course Wrap-Up