CIP is the Critical Infrastructure Protection standard which is part of the overall NERC compliance standards for all electrical utilities.
CIP extends horizontally to any element that’s critical to our nation’s infrastructure. For those organizations maintaining NERC compliance, CIP standards are focused on cybersecurity protection for the electrical utility industry, said Terry Schurter, VP of NERC Solutions for SigmaFlow.
The latest version of CIP, version 5, has created some waves.
That’s because one of the previous versions of CIP, version 3, classified your organization as either critical or non-critical to our nation’s infrastructure. If you were classified as non-critical you didn’t really have to do anything. Version 5 changes that “critical” classification to high, medium, or low impact. This has caused quite an uproar because before only 20-30 percent of organizations had to deal with CIP, now everybody has to, and it’s been completely rewritten with new expectations and new requirements.