EnergyTech Insights Update: New Mapping of CIP to NIST CSF

EnergyTech Insights Update: New Mapping of CIP to NIST CSF

On July 27, 2020, an updated mapping (v1.1) of the North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Reliability Standards to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) was released.

This project was a joint initiative between NERC and CIP to update the previous mapping, which included now-retired CIP Reliability Standards and a previous version of the CSF.  The continued effort to maintain an updated mapping of the two standards provides organizations much-needed guidance on the identification and implementation of best practices for cyber asset security and protection.  It also allows organizations to communicate to interested parties that their CIP compliance program effectively represents a link to NIST compliance and vice versa.  The latter will continue to gain prominence as organizations historically not regulated by NERC will see increased pressure from NERC regulated customers- especially those to which cloud and cybersecurity services are provided- to map their compliance posture to CIP Reliability Standards.

Learn more about NIST CSF compliance or download the v1.1 mapping spreadsheet (.xlsx)

About the Author

Grayson Taylor

Grayson Taylor is a Senior Manager at Schellman & Company, LLC, with over 12 years of experience in attestation and compliance services. Grayson has managed hundreds of projects and examinations for Global 1000, Fortune 500, and regional companies over the course of his career. Grayson leads Schellman’s Houston practice with a focus on SOC 1, SOC 2, ISO 27001, HIPAA, and special projects related to the energy sector. As a senior manager, Grayson is also responsible for strategic initiatives, business development, and human capital development at Schellman.

More Content by Grayson Taylor

No Previous Articles

Next Video
FedRAMP Controls Categories - Low, Moderate, or High?
FedRAMP Controls Categories - Low, Moderate, or High?