Select your location

NERC-CIP v5 has evolved a lot in terms of moving away from compliance and a focus on security. Previous versions had high-level requirements which lacked granularity and clarity, often criticized by security practitioners. Seemingly, the standards committee drew inspiration from NIST RMF and ISA99 (IEC 62443) to consider security at the systems level. NERC-CIP V5 has taken a bottom up approach this time, starting from assets and reaching out to the systems level. As an example, this version has introduced definitions for identification of Cyber Assets, BES Cyber Assets and BES Cyber Systems, as opposed to the previous version, which focused mainly on Critical Assets and Critical Cyber Assets. Introduction of impact ratings for asset classification and many other changes, discussed in detail in this whitepaper, provide practitioners with proper guidance. NERC CIP v5 will bring out a secure by design approach in convergence of Operations Technology (OT) and Information Technology (IT). 

Related content