What is the new NERC Regulation CIP-012-01?
NERC has released a new regulation, CIP-012-1, that will be enforceable 7/1/2022. This new regulation is concerned with the security of data being transmitted between Control Centers. You must have a documented plan written and put in place by 7/1/2022.
The plan is intended to mitigate the risks posed by the unauthorized disclosure and/or unauthorized modification of real-time assessment and real-time monitoring data while being transmitted between any applicable Control Centers. In simple terms, this is saying that the responsible entity must document the fact that they are encrypting the data and transmitting it via a secure connection, such as a VPN, and then have evidence that this is being done.
What must your NERC CIP-012-01 plan include?
This plan must include the following items:
How can you prove that you have a NERC CIP-012-01 Compliance Plan in place?
The evidence that a responsible entity is compliant with this regulation should include a documented plan that meets the security objectives and documentation demonstrating the implementation of the plan.
What can you do to ensure your compliance plan holds up under rigorous NERC Compliance testing?
Velta Technology has technologies that provide encryption for data in transit, which is the crux of this regulation. Our solution is hardware-based encryption, built entirely in silicon with no attack surface.
This is a turnkey solution that Velta Technology provides end-to-end. You can count on us to:
Let us help you write your policy to ensure NERC compliance, guide your team in remediating your solution through implementation, and have all the support you need throughout the process.
Please contact us at email@example.com or call us at 314-463-3600.
119 South Main Street
St. Charles, MO 63301
© 2022 Velta Technology