NERC CIP: A Deeper Dive

NERC CIP: A Deeper Dive

June 16-17, 2020 | Online :: Central Time

If this event is of interest you may also be interested in this related event

NERC Compliance Fundamentals, June 15-16, 2020, Online

The electric grid in North America is at the top of the list of critical infrastructures maintained by Presidential Directive by the Department of Homeland Security and it is recognized that the remaining critical infrastructures will not function without a reliable supply of electricity. As a result, cyber and physical security for electric utilities is at the forefront of the legislators and regulators agenda following recent cyber and physical attacks in the US and elsewhere in the world.

To address these risks, the North American Electric Reliability Corporation (NERC) has developed and maintained a set of Critical Infrastructure Protection standards that are mandatory and enforceable. These standards have undergone significant change since they were first adopted in FERC Order 706. These standards have been extended to include all Bulk Electric System Assets and their related Cyber Assets each categorized as High, Medium, and Lower Risk assets thereby extending the program to all registered entities and all bulk electric system assets at some level.

This course will provide a deep fundamental understanding of the NERC CIP standards including a history of their development, an understanding of the present standards, and a view of what is coming in future standard development. The course will also provide a detailed overview of each standard, its fundamental purpose, and the intent of each requirement.

Developing programs to meet the intent of the standard is challenging since compliance with the standards requires disciplines from several key corporate functions including electric system operations, information technology, corporate security, and human resources at a minimum. This course will also review organizational structures for successful implementation and their experiences.

This course will also provide an overview of compliance and monitoring efforts that NERC will conduct for the CIP standards and is designed to give the necessary background for all staff to understand the concepts and complexities of NERC compliance in order to communicate and build a culture of compliance and reliability and prepare for upcoming CIP audits.

Learning Outcomes

  • Review the background for the NERC Critical Infrastructure Protection Standards (CIP) and discuss major recent revisions
  • Review the scope and purpose of the NERC CIP Standards
  • Examine the NERC CIP requirements in detail
  • Review future CIP Standards and discuss how to prepare for them
  • Explain how violations are determined and identify which CIP standards are the most violated and why
  • Discuss the challenges faced by utilities in defining a compliance program across the corporate functions necessary for CIP compliance (operations, information technology, corporate security, human resources, etc.)
  • Analyze the audit process for CIP standards and demonstrate strategies for success before, during, and after an audit



EUCI has been accredited as an Authorized Provider by the International Association for Continuing Education and Training (IACET).  In obtaining this accreditation, EUCI has demonstrated that it  complies with the ANSI/IACET Standard which is recognized internationally as a standard of good practice. As a result of their Authorized Provider status, EUCI is authorized to offer IACET CEUs for its programs that qualify under the ANSI/IACET Standard.

EUCI is authorized by IACET to offer 1.2 CEUs for this event.


Requirements for Successful Completion of Program

You must be logged in for the entire presentation and send in the evaluation after the online course is completed.

Instructional Methods

This course will use PowerPoint presentations and group discussions.


Tuesday, June 16, 2020

registration12:30 – 1:00 p.m. :: Log in

timing1:00  – 4:00 p.m. :: Course Timing

History and Purpose of NERC Critical Infrastructure Protection Standards and Requirements

  • History of the CIP Standards
    • Urgent Action Standards
    • NERC vs. FERC vs. Congress
  • 706 Reliability Standards – The first enforceable standards
  • Currently enforceable CIP Reliability Standards
    • Review of the intent and purpose of each standard
    • Understanding each of the requirements
    • Resources necessary in meeting the intent
  • Meeting the Requirements with outside contractors/vendors
  • Analysis of most violated CIP standards

Wednesday, June 17, 2020

breakfast8:30 – 9:00 a.m. :: Log in

timing9:00 a.m. – 4:00 p.m. :: Course Timing

lunch12:00 – 12:30 p.m. :: Lunch Break

History and Purpose of NERC Critical Infrastructure Protection Standards and Requirements – Continued

  • Physical security and CIP-014
    • Coordination with other physical security requirements
    • Common pitfalls
  • Audit processes and preparation for CIP Standards
    • RSAW preparation
    • RSAW Narratives: What are they used for?
    • Common pitfalls

CIP Compliance in Practice

  • Recognize how NERC compliance fits with other enterprise compliance needs and risk management
  • Managing documentation and evidence for audit
  • Understanding and Populating the NERC CIP Evidence Request Tool in preparing for an audit 
  • Demonstrating a culture of compliance to auditors for the CIP Standards
  • Emerging Issues and New Standards- CIP-003-7, CIP-012-1, CIP-013-1 – Change to CIP-003-8, CIP-005-6, CIP-008-6, CIP-010-3,CIP-012-1, CIP-013-1


Ryan Carlson, CISSP, PSP, Vice President – Critical Infrastructure Protection Services, Proven Compliance Solutions

Ryan has over 25 years of experience in Cyber Security, IT project management, network system engineering, and network/server system administration.  Ryan’s career has been devoted exclusively to assisting clients with their NERC Critical Infrastructure Protection (CIP) compliance program needs since 2008.  Ryan has conducted hundreds of CIP mock audit/gap analysis projects over the last 10 years and participated in dozens of regional CIP audits as an expert advisor, observer, and embedded Subject Matter Expert.  Ryan is actively involved in monitoring the CIP Standards development process by attending NERC Critical Infrastructure Protection Committee (CIPC) meetings, as well as numerous NERC/regional CIP user group meetings and conferences.  Ryan is an active member of the NERC Compliance Input Working Group (CEIWG).  Ryan is a Certified Information Systems Security Professional (CISSP) and Physical Security Professional (PSP) and holds a Bachelor’s Degree in Economics, International Relations and Marketing from the University of Minnesota.

Online Delivery

Our courses are designed to be the best possible use of your valuable time – get the information you need to improve your position in the market in an interactive, dynamic format.

We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.

  • You will receive a meeting invitation will include a link to join the meeting.
  • Separate meeting invitations will be sent for the morning and afternoon sessions of the course.
    • You will need to join the appropriate meeting at the appropriate time. 
  • If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
  • The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.


Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details please see our FAQ

If you are unable to attend at the scheduled date and time, we make recordings available to all registrants for three business days after the event

Event Standard RateAttendees

By clicking Accept or closing this message, you consent to our cookies on this device in accordance with our cookie policy unless you have disabled them. more information

By clicking Accept or closing this message, you consent to our cookies on this device in accordance with our cookie policy unless you have disabled them. You can change your cookie settings at any time but parts of our site will not function correctly without them. We use cookies during the registration process and to remember member settings.