Compliance Training and Securing the Human
NERC CIP Versions 1-4 require entities to have training programs for individuals who have authorized cyber or authorized unescorted physical access to Critical Cyber Assets. The training programs must provide for quarterly security awareness training as well as annual cyber security training on a variety of topics. SANS Institute's Securing The Human now has an awareness training program that addresses these NERC CIP compliance standards for utilities.
Securing The Human for Utilities is a computer-based training program with 23 security modules that address the most common attack vectors, using the 20 Critical Controls as a framework. It can be used to satisfy the CIP-004-3-R1 requirement. In addition, there are 7 CIP-specific modules that can be used to meet the requirements for CIP-004-3-R2 and cover the following topics:
- Overview of NERC and FERC
- Introduction to the NERC CIP Standards
- Identification and Proper Use of Critical Cyber Assets
- Physical Access Controls to Critical Cyber Assets
- Electronic Access Controls to Physical Cyber Assets
- Proper Handling of Critical Cyber Asset Information
- Recovery of Critical Cyber Assets following a Cyber Security Incident
This one-day session will walk through CIP V1-4 training program needs, demonstrate the SANS training program's security awareness offerings, and walk through the 7 CIP-specific training modules, with open discussion of the topics covered in each. The session will also discuss the direction in which the STU program is moving to ensure CIP V5 compliance training offerings in the near future.