A Zero-Trust User Access Model Can Expedite Compliance with New Looming NERC CIP Regulations

Tuesday, 30 Jul 2024 1:00PM EDT (30 Jul 2024 17:00 UTC)
Speakers: Jason Dely, Enrique Martinez, Bill Moore

The North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) standards are pivotal in safeguarding the reliability and security of the North American power grid. With the deadline for NERC CIP-003-9 looming in April 2026, asset owners face significant challenges in aligning their cybersecurity measures with these stringent requirements. This presentation will explore challenges and elements for key NERC CIP-003-9 requirements and an example of successful implementation

Introduction to NERC CIP-003-9 Requirements:

Overview of the NERC CIP-003-9 standards with a focus on access control and management
Explanation of the April 2026 deadline implications for power generation asset owners.

NERC CIP-003-9 Elements:

Secure Access Control: Ensures compliance by providing secure, context-aware access to critical cyber assets.
Identity Verification: Advanced user authentication aligns with NERC’s requirements for identity and access management.
Monitoring and Logging: Continuous monitoring and detailed logging capabilities support incident response and recovery plans as required by NERC.
Remote Access Management: Secure, controlled remote access aligns with NERC’s mandates for remote access management.
Configuration Management: Helps maintain information about hardware and software configurations, ensuring compliance with NERC’s asset management requirements.

Case Study and Implementation Strategy:

Example of successful implementation with power generation OEM.
Strategic recommendations for meeting the 2026 deadline.

Conclusion:

Summary of capabilities in ensuring NERC CIP-003-9 compliance.
Final thoughts on enhancing overall cybersecurity posture through zero-trust security.
This session will equip asset owners with the knowledge and tools to efficiently transition to a compliant and secure infrastructure and meet NERC CIP-003-9.

Login to Register

Thank You to Our Sponsor

This webinar is offered free of charge through collaboration between SANS and its sponsor(s). If you prefer not to share your registration details with sponsor(s), a recorded webinar will be available approximately 30 days after its initial release through the SANS archive. To access the recording, you will need to create a SANS account, but your information will not be shared with the sponsor(s).

Related Content

SANS ICS Security Summit 2025 - Graphic Recordings Blog.png

Industrial Control Systems Security

Visual Summary of SANS ICS Security Summit 2025

Check out these graphic recordings created in real-time throughout the event for SANS ICS Security Summit 2025

Expanding_ICS_Security Awareness_Part2_340x340

Industrial Control Systems Security

Expanding ICS Security Awareness: Part 2 - New Modules, New Risks, Same Mission

6 new modules that further enhance the SANS ICS Cybersecurity Awareness Training series

Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting

The Quest to Summit | SANS ICS Security Summit 2025

Register for the ICS Security Summit to be able to participate in The Quest to Summit and win big prizes.