Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

A Zero-Trust User Access Model Can Expedite Compliance with New Looming NERC CIP Regulations

  • Tue, Jul 30, 2024
  • 1:00PM - 2:00PM UTC
  • English
  • Jason Dely, Enrique Martinez & Bill Moore
  • Technical Presentation
Login to register
Webcast Hero

Introduction to NERC CIP-003-9 Requirements:

  • Overview of the NERC CIP-003-9 standards with a focus on access control and management
  • Explanation of the April 2026 deadline implications for power generation asset owners.

NERC CIP-003-9 Elements:

  • Secure Access Control: Ensures compliance by providing secure, context-aware access to critical cyber assets.
  • Identity Verification: Advanced user authentication aligns with NERC’s requirements for identity and access management.
  • Monitoring and Logging: Continuous monitoring and detailed logging capabilities support incident response and recovery plans as required by NERC.
  • Remote Access Management: Secure, controlled remote access aligns with NERC’s mandates for remote access management.
  • Configuration Management: Helps maintain information about hardware and software configurations, ensuring compliance with NERC’s asset management requirements.

Case Study and Implementation Strategy:

  • Example of successful implementation with power generation OEM.
  • Strategic recommendations for meeting the 2026 deadline.

Conclusion:

  • Summary of capabilities in ensuring NERC CIP-003-9 compliance.
  • Final thoughts on enhancing overall cybersecurity posture through zero-trust security.
  • This session will equip asset owners with the knowledge and tools to efficiently transition to a compliant and secure infrastructure and meet NERC CIP-003-9.

Meet the speakers

Jason Dely

Jason Dely

Director

Jason Dely brings over 20 years of experience and a diverse industrial control system background to SANS and the industrial control system (ICS) community.

Learn more
Enrique Martinez

Enrique Martinez

I joined WWT in September 2019 as a Technical Solutions Architect, leading the development of our OT/IoT Security capabilities within the Security Practice. Previous to WWT, I worked for 10 years at a utility, where I served as the technical lead in the design and implementation of a Nuclear Cybersecurty Program, lead the cyber NERC CIP compliance efforts, and served as the Industrial Control Systems security architect. I hold a CISSP, and GIAC GDSA, GRID, GAWN, and GPEN.

Learn more
Bill Moore

Bill Moore

CEO

N/A

Learn more