NERC-CIP Compliance

What is NERC-CIP Compliance?

The Critical Infrastructure Protection standards developed by the North American Electric Reliability Corporation (NERC) include critical aspects of both operational and physical security controls as well as incident response and recovery.

How Does Cygilant Help?

Cygilant’s SOCVue Security Monitoring service helps organizations address NERC CIP by providing 24/7/365 security monitoring and reporting on system events and critical security controls, as required by CIP-007-5 R4.

Cygilant’s SOCVue Vulnerability Management service provides vulnerability detection and remediation guidance designed to help address the NERC v5 requirements CIP-007-5 and CIP-010-5.

With the Security Monitoring on-premise deployment option, Cygilant’s SOC team can also proactively assess several additional security controls, which are based on the SANS/CIS Critical Security Controls, in order to reduce your compliance risk. The security controls are directly mapped to relevant sections of NERC CIPv5.

Our SOC team will work with your organization to enable the reporting you need to help meet your compliance objectives with ease.

| Critical Security Control | NERC CIP v5 | How SOCVue Security Monitoring Addresses | How SOCVue Vulnerability Management Addresses |
| --- | --- | --- | --- |
| Critical Security Control #1: Inventory of Authorized and Unauthorized Devices | CIP-002-5 R1, CIP-002-5 R2 | Monitor DHCP event logs to track the identity of devices connecting to the network and detect unauthorized devices. | Conduct vulnerability scans in order to build an inventory of authorized and unauthorized devices. |
| Critical Security Control #4: Continuous Vulnerability Assessment and Remediation | CIP-007-5 R2, CIP-010-5 R3 | Correlate data from a wide variety of commercial vulnerability scanners with real-time security event data for enhanced alerting and reporting. | Vulnerability scanning to assess, prioritize and remediate vulnerabilities. |
| Critical Security Control #6: Maintenance, Monitoring, and Analysis of Audit Logs | CIP-007-5 R4 | Collect, monitor, and analyze audit logs to detect, analyze and prevent advanced threats. | |
| Critical Security Control #9: Limitation and Control of Network Ports | CIP-007-5 R1 | Establish a whitelist/blacklist of ports and protocols to detect unauthorized ports, protocols, and services. | Vulnerability scanning to detect vulnerable ports and protocols. |


Let's Talk

We save our customers 100s of hours and 1000s of dollars every week, and give them peace of mind with 24x7 detection and response to security incidents and vulnerabilities. Get in touch to learn how we can help your organization be more resilient to cyberattacks and compliance mandates.