• NERC Compliance

    What is the new NERC Regulation CIP-012-01?

    NERC has released a new regulation, CIP-012-1, that will be enforceable 7/1/2022. This new regulation is concerned with the security of data being transmitted between Control Centers. You must have a documented plan written and put in place by 7/1/2022.


    The plan is intended to mitigate the risks posed by the unauthorized disclosure and/or unauthorized modification of real-time assessment and real-time monitoring data while being transmitted between any applicable Control Centers. In simple terms, this is saying that the responsible entity must document the fact that they are encrypting the data and transmitting it via a secure connection, such as a VPN, and then have evidence that this is being done.


    What must your NERC CIP-012-01 plan include?


    This plan must include the following items:


    • Identification of security protection used to mitigate the risks posed by unauthorized disclosure and unauthorized modification of Real-time Assessment and Real-time monitoring data while being transmitted between Control Centers.
    • Identification of where the Responsible Entity applied security protection for transmitting Real-time Assessment and Real-time monitoring data between Control Centers.
    • If the Control Centers are owned or operated by different Responsible Entities, identification of the responsibilities of each Responsible Entity for applying security protection to the transmission of Real-time Assessment and Real-time monitoring data between those Control Centers.


    How can you prove that you have a NERC CIP-012-01 Compliance Plan in place?


    The evidence that a responsible entity is compliant with this regulation should include a documented plan that meets the security objectives and documentation demonstrating the implementation of the plan.


    What can you do to ensure your compliance plan holds up under rigorous NERC Compliance testing?


    Velta Technology has technologies that provide encryption for data in transit, which is the crux of this regulation. Our solution is hardware-based encryption, built entirely in silicon with no attack surface.


    This is a turnkey solution that Velta Technology provides end-to-end. You can count on us to:


    • Guide the documentation preparation for your NERC CIP-012-01 Compliance Plan
    • Assist with plan implementation
    • Ensure regulatory compliance
    • Provide white glove service to give you compliance peace of mind 


    Let us help you write your policy to ensure NERC compliance, guide your team in remediating your solution through implementation, and have all the support you need throughout the process.


    Please contact us at info@veltatech.com or call us at 314-463-3600.