Security Management Controls
CRSI provides the Security Management Controls knowledge and guidance to define and implement the security policies and access approval process to govern access to the Cyber Asset and information about the Cyber Asset. NERC CIP-003 requires each Responsible Entity to have a structured and auditable set of processes and policies to ensure authorized access to any and all medium and high impact BES Cyber Systems that collectively address CIP-004 through CIP-011.
CRSI has an unmatched level of expertise, specialized in developing and implementing cyber security polices for energy companies throughout North America. We work closely with your SMEs to tailor required documents to meet your exact Security Management Controls structure, carefully considering your internal compliance culture. CRSI also makes meaningful suggestions for practical enhancements whenever we identify areas that can be strengthened.
CRSI’s Security Management Controls Consulting Services include:
- Cyber Security Policy Development
- Cyber Security Policy Implementation
- Embedded consulting support for NERC Compliance Program Development
- Updating NERC CIP documentation to those needed to meet Requirements CIP-002 through CIP-011 under FERC Order 822
- Cyber Security Plan Development for low impact BES Cyber Systems (including the sections in Attachment 1)
- Identification of Low Impact External Routable Connectivity (LERC)
- Identification and Documentation of Controls for Low Impact Electronic Access Points (LEAP)
- Network Design Documentation
- NERC CIP Senior Manager Identification Documentation
- NERC CIP Senior Manager Delegation Documentation
CRSI strategically partnered with more than 250 electric utilities in the last five (5) years for their NERC CIP Compliance Solutions. To find out more about how to create your Security Compliance Roadmap, call us today to schedule a free, no obligation consultation.