Achieving NERC Cyber Security Standards Compliance with Lumension

The North American Electric Reliability Corporation (NERC) is a non-profit corporation chartered to ensure that the bulk electric system in North America is reliable, adequate and secure. NERC CIP standards and guidelines apply to all Responsible Entities (REs) within the bulk-power system, including investor-owned utilities, most generation and transmission (G&T) cooperatives, owners or operators of electrical power generation, transmission or balancing facilities in North America, primary entities ensuring compliance, such as NERC and the Regional Reliability Organizations. REs are required to retain 12 months of auditable data, documents and records on their information security controls and specific logs for 90 days in order to be compliant with the new CIP standards.

This whitepaper reviews each of the NERC Cyber Security Standards and maps the requirements to technical controls enforceable with Lumension solutions. Lumension helps REs address NERC CIP compliance challenges and ensures audit-readiness by delivering end-to-end vulnerability management, endpoint protection and data protection solutions that:

• Automate vulnerability management to minimize the attack surface
• Prevent malicious software with complete protection
• And protect information from loss or theft