SOURCE: LockPath, Inc.


April 01, 2015 12:54 ET

No Joke: NERC CIP 5 Enforcement Is One Year Away

OVERLAND PARK, KS--(Marketwired - April 01, 2015) - Today begins the one-year countdown for the utilities industry. On April 1, 2016, facilities not in compliance with Version 5 of the NERC Critical Infrastructure Protection (CIP) Reliability Standards could face audits and fines.

Since most utilities, large and small, will fall under this compliance umbrella, some smaller entities may have a lot of catching up to do. Larger organizations will also have their work cut out for them as this new version calls for increased efforts surrounding cyberasset tagging. Complicating matters is the extended deliberations that occurred between NERC and FERC. Utility organizations were being told to hurry up and wait for a finalized version of these standards while the date for compliance moved ever closer.

Regardless of your organization's current state of readiness, the next year will go by quickly. You are not alone if you feel like the pressure is building. There is, however, a solution offering relief.

A Governance, Risk Management, and Compliance solution (or GRC for short) will help ease the transition from existing CIP v3 standards to the new v5 standards. A robust solution, such as Keylight, can perform gap analysis and provide visual representation of which policies comply and overlap from v3 to v5. This saves you time in your compliance efforts by telling you where time and resources don't need to be spent. An updated content library will also guarantee your organization is up to speed on the most recent authority documents and regulatory changes.

A GRC platform can also address the biggest change in CIP v5: BES cyberasset tagging. The right solution can assist in effectively managing and identifying these assets through ingesting and reporting on data from different scanners.

The revision of these standards, albeit a pain for anyone on the compliance end, comes at a much needed time. Vulnerabilities in our critical infrastructure have already been exposed through recent attacks, and the threat of future attacks is only intensifying.

The goal of this transition is to instill a security-based approach, in lieu of one focused solely on compliance, to proactively defend those assets critical to the reliability of our infrastructure. This is an all-for-one, one-for-all scenario in getting all utilities up to speed in securing our nation's most important assets. To ensure your organization's security through compliance with these CIP v5 standards is to help ensure the well-being of an entire country.

For a more in-depth look as to how our Keylight GRC solution can assist your organization with its transition to NERC CIP v5, check out LockPath's NERC CIP v5 Readiness whitepaper.

About LockPath
LockPath is a market leader in corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software. The company's flexible, scalable and fully integrated suite of applications is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance to achieve audit-ready status. LockPath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas.

Image Available: