Menu Close

NERC CIP Services

The challenges that CIP presents are daunting at best. A former SERC CIP Auditor leads the Epoch team in providing expert CIP consulting services to utilities with those responsibilities. Whether you need your policies reviewed, facility services, or help in understanding and implementing a sustainable NERC CIP Program, Epoch Technical Solutions can tailor a service program to the specific needs of any utility. Let our professionals tailor a custom program for you!

Why Epoch?

Epoch Technical Solutions is a leader in the regulatory compliance arena focusing on providing solutions for issues associated with NERC Compliance. Epoch has expertise in NERC CIP and 693 compliance. As a result, our professionals understand the complexity of the different issues associated with meeting compliance.

Epoch employees possess real-world industry expertise in all areas of NERC 693 and CIP compliance. Due to its strong involvement in the NERC Compliance arena, Epoch has been involved in the development and enforcement of the NERC CIP Reliability Standards, the NERC 693 Reliability Standards and the Compliance Monitoring Enforcement Program (CMEP) development process from the beginning. We understand both the letter and spirit of the standards and the CMEP. Our team has experience providing compliance services including audit preparation, administration and performance of audits, and audit pre and post documentation. We also have significant experience in developing, implementing, and evaluating all sections of client compliance programs.

StandardExplanationExpertise Offered
CIP-002-5.1aRequires the identification, categorization ,and documentation of the BES Cyber Systems and their associated BES Cyber Assets that support the reliable operation of the Bulk Electric System.• Review and development of:
o Processes and procedures
• Asset Identification
• Gap Analysis
• Mock Audits
CIP-003-6Specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise.• Review & development of:
o Cyber security policy
o Processes and procedures
• Gap Analysis
• Mock Audits
CIP-004-6Minimize the risk against compromise from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, training, and security awareness.• Review and development of:
o Cyber security awareness program
o Processes and procedures
o Training program
• Monitor training implementation
• Monitor PRA’s
• Gap Analysis
• Mock Audits
CIP-005-5Manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security.• Review and development of:
o Processes and procedures
o Electronic Security Perimeter Drawings
o Intermediate Server
o Two Factor Authentication (2FA)
• Gap Analysis
• Mock Audits

CIP-006-6Manage physical access to BES Cyber Systems by specifying a physical security plan.• Review and development of:
o Processes and procedures
o Physical Security Perimeter Drawings
o Physical Access Control Systems
• Gap Analysis
• Mock Audits
CIP-007-6Manage system security by specifying select technical, operational, and procedural requirements.• Review and development of:
o Processes and procedures
o Ports and Services
o Security Patches Management
o Methods for detecting or preventing malicious code
• Setup for Account Management Controls
• Gap Analysis
• Mock Audits
CIP-008-5Mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements.• Review the development of:
o Processes and procedures
o Paper drills or tabletop exercise of a Reportable Cyber Incident
• Collecting of forensic evidence of an actual Cyber Incident
• Assist in report preparation from an actual Cyber Incident
• Gap Analysis
• Mock Audits
CIP-009-6Recover reliability functions performed by BES Cyber Systems by specifying recovery plan requirements.• Review and development of:
o Processes and procedures
o Recovery Plan Specifications
o Processes for backup and storage of information
o Lessons learned
o Processes for data preservation
• Assist in annual exercises
• Gap Analysis
• Mock Audits
CIP-010-2Prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements.• Review and development of:
o Processes and procedures
o Preparation of the equipment baseline
• (CVA) Cyber Vulnerability Assessment (Paper and Active)
• Gap Analysis
• Mock Audits
CIP-011-2Prevent unauthorized access to BES Cyber System specifying information protection requirements.• Review and development of:
o Processes and procedures
o Information protection programs
• Assis in identifying DoD processes for equipment disposals
• Assis in identifying best practices per National Institute of Standards and Technology
• Gap Analysis
• Mock Audits
CIP-014-2Protect Transmission facilities from physical attack.• Review and development of:
o Processes and procedures
o Risk Assessments
• Review of the Physical Security Measures
• Assist in the identification and verification of the transmission substations
• Gap Analysis
• Mock Audit

Contact us today: (517) 669.8888 to get started.