Rapid7 Compliance Brief: NERC CIP

The North American Electric Reliability Corporation (NERC) develops and enforces standards to ensure the reliability and safety of the bulk power system, including the Critical Infrastructure Protection (CIP) standards to strengthen cybersecurity. These detailed requirements use a risk management approach to require a baseline level of security controls for high, medium, and low impact systems.

Rapid7 solutions can help organizations meet NERC CIP cybersecurity requirements. From low- to high-impact systems, electrical providers are under more scrutiny than ever as grids continue to be tested and threat actors look to take advantage of these vulnerabilities. This compliance brief details:

• Key requirements from NERC CIP’s enforceable standards related to cybersecurity

• How Rapid7 can help organizations establish and test security policies and safeguards required under NERC CIP, such as vulnerability assessments, access controls, supply chain risk management, and more

• How Rapid7 solutions help establish, maintain, and support incident detection, response, and recovery plans required under NERC CIP