NERC Compliance with Netwrix Auditor

Meeting NERC Compliance Requirements

with Netwrix Auditor

Watch overview video

About NERC requirements Which NERC requirements we address Our customers

About NERC

NERC Standards

The North American Electric Reliability Corporation (NERC) is a trans-national regulatory authority that ensures electrical reliability of the bulk power system in North America. Overseen by the Federal Energy Regulatory Commission (FERC), the corporation develops and enforces NERC reliability standards for planning and operating the bulk power system and minimizing the risk of system disturbances.

NERC Critical Infrastructure Protection (CIP)

NERC CIP standards are mandatory for users, owners and operators of the bulk electric power system and designed to ensure the security of the IT infrastructure that supports North America's bulk electric system. Organizations have to enforce IT controls to protect access to sensitive cyber assets, i.e. programmable electronic devices and communication networks, including hardware, software, and data. Covered entities that fail to comply with CIP standards are subject to fines, sanctions and other penalties.

Capabilities of Netwrix Auditor

Protect your critical systems from cyber vulnerabilities and ensure NERC CIP compliance

The latest effective CIP regulations, NERC CIP version 5, along with the partially effective version 6, facilitate standards development and NERC CIP compliance enforcement, and also require proper governing of critical infrastructure. Netwrix Auditor helps organizations prove that security controls are in place and all CIP requirements are being followed.

Keep access to sensitive cyber assets under control to ensure critical infrastructure protection

Gain a complete picture of current and past access permissions, and keep an eye on all changes and access to critical cyber assets to maintain compliance with cyber security requirements.

Use out-of-the-box compliance reports to prove you follow NERC reliability standards

Preconfigured compliance reports are aligned with specific CIP requirements; deliver actionable intelligence about activity in your IT environment; and help you prove to auditors that your organization is compliant with all CIP standards.

Address auditors' questions faster

With the Interactive Search feature, you can find answers to the detailed questions NERC compliance auditors may ask.

Maintain your audit trail for years to prove your NERC CIP compliance in the past

Archive your audit trail for years and easily access it whenever you need to perform security investigations or vulnerability assessments in accordance with cyber security standards.

See which NERC CIP standards can be addressed with Netwrix Auditor

Netwrix Auditor helps responsible entities secure, manage and monitor the critical cyber assets of the bulk power system. By providing complete visibility into activity in the IT environment, Netwrix Auditor helps you address, either directly or partially, the following cyber security requirements of NERC CIP compliance.

Addresses directly
Addresses indirectly

CIP-005 – Electronic Security Perimeter

Manage electronic access to the bulk electric system (BES) and protect BES Cyber Systems

CIP-007 – Systems Security Management

Manage system security to help protect BES Cyber Systems

CIP-010 – Configuration Change Management and Vulnerability Assessments

Prevent and detect unauthorized changes to BES Cyber Systems

CIP-011 – Information Protection

Prevent unauthorized access to BES Cyber System Information

CIP-003 – Security Management Controls

Create and enforce security management controls that establish responsibility and accountability for protecting BES Cyber Systems

CIP-004 – Personnel & Training

Minimize the risk of misoperation or instability in the BES by requiring personnel risk assessment, training and security awareness

CIP-008 – Incident Reporting and Response Planning

Mitigate risks to the reliable operation of the BES as the result of an IT security incident by specifying incident response requirements

Please note that Netwrix Auditor can facilitate the ongoing evaluation of security controls in addition to those listed above, helping you achieve continuous compliance with the security provisions of other regulations.

Learn more about which NERC CIP cyber security standards can be addressed using Netwrix Auditor.

Download Netwrix Auditor Report Mapping (.pdf)

Organizations of all sizes trust Netwrix Auditor to secure their bulk power system assets and maintain compliance with CIP requirements

"We considered tools from several vendors as well as building our own tools. We chose Netwrix Auditor because of its attractive pricing and easy implementation."

Kerry Schrantz,

Network Operations Manager, Pike Energy

Read success story (.pdf)

Universal Electric

500

employees

ISO New England

1,000

employees

Northern Tier Energy

2,950

employees

Atmos Energy

4,700

employees

Willbros

8,000

employees