CIP-010
CIP-010 is part of the NERC Critical Infrastructure Protection (CIP) category of protection standards. This standard is intended to prevent and detect unauthorized changes to BES Cyber Systems through Configuration Change Management and Vulnerability Assessments. The standard is broad, covering areas of responsibilities that typically fall under multiple departments within an organization. Quanta Technology offers solutions for all of your CIP-010 needs. To maintain the reliability and resiliency of the grid, power system engineers routinely perform complex system performance analyses, which may include detailed simulations. Comprehensive power studies on a wide range of system conditions produce extensive amounts of raw data that quickly becomes overwhelming to comprehend. CORE® tools leverage the benefits of software automation to address the challenges in executing these studies as well as processing and interpreting the results.
Our Solutions
What is CIP-010
- CIP-010 is part of the NERC Critical Infrastructure Protection (CIP) category of protection standards.
- Intended to prevent and detect unauthorized changes to BES cyber systems through configuration change management and vulnerability assessments.
- Scope of standard is broad, covering areas of responsibilities that typically fall under multiple business or operating units within an organization.
- Protection and Control departments are typically required to address the following:
- Development of baselines (R1.1) – content, management, form and format
- Authorize and document changes that deviate from the baseline (R1.2) – detecting changes, addressing changes
Our Solution
- Requirement R1.1 – Baselines
- What goes into a baseline?
- What strategy is used for categorization of baseline configurations? How will these be organized?
- What form and format will the baseline take? How will they be stored?
- Requirement R1.2 – Detection of Changes
- What data will be compared to detect configuration changes?
- What data will represent the applicable device configuration?
- How will the comparison be performed?
- Requirement R1.3 – Tracking of Changes
- How will changes be tracked against the 30-day requirement?
- Requirement R2 – Repeatability
- The evaluation process may need to be repeated for applicable devices every 35 days
Papers
- Engineering Automation Drives Decision Making (TD World)
- Development and Implementation of Practical Processes for NERC CIP-010 Compliance Evaluation (2022 TAMU)
- Challenges and Considerations in Implementing Practical Solutions for NERC CIP-010 Compliance Evaluation (2021 CEATI)