NERC Compliance Programs and Solutions

Secure North American bulk power systems from harmful attacks

The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) exists to improve the reliability of the critical bulk power SCADA systems that create and transport electricity around the continent, and the goal of a NERC compliance program is to ensure that the bulk electric system in North America is reliable, adequate and secure. It's not enough to just plan for natural disasters or accidents-the bulk power system now must be planned, designed, built and operated in a manner that also takes into account modern threats to security, including attacks from cyber criminals. NERC compliance programs are required to help prevent these attacks.

It's crucial to keep the bulk power system safe from threats, which is why any bulk power system owner or operator must adhere to NERC compliance standards.

Which Regulations Matter to You?

We'll help you determine which regulations your organization needs to meet.

Contact Us

How Rapid7 helps get you NERC compliant

Conducting penetration tests and vulnerability scans for your NERC compliance program

Both InsightVM and Metasploit can help you prepare for your NERC compliance testing, both by scanning your critical systems for vulnerabilities, misconfigurations and malware and by conducting penetration tests to verify how well your systems would resist a real-life attack. Our NERC compliance solutions automatically discover all assets within your infrastructure

Automated asset discovery and identification

With InsightVM, you can easily and automatically inventory all the assets within your electronic security perimeter, as defined by NERC compliance guidelines. InsightVM will continually discover all physical and virtual assets in your infrastructure and help you group those assets into organizational categories for easier scanning and reporting.

Download InsightVM - Free Trial

Providing professional consulting services for your NERC compliance program

If you need extra help in defining your electronic security perimeter or in evaluating your NERC compliance program, our professional services team can help with consultations as well as internal and external penetration testing and vulnerability scanning. 

Contact our PSO professional services

Crushing Compliance: NERC

Compliance should boost your security, not burden it. Rapid7's NERC compliance guide lays out the requirements of compliance, as well as the things you can do to not only meet those requirements, but improve your overall security in the process.

Compliance Toolkit: NERC

Need help with NERC? Download a suite of free resources to help you achieve compliance via audit preparation and sound vulnerability management practices that ensure your critical infrastructures are protected from intruders.