NERC CIP Standard Tree — Medium Impact BES Cyber System

NERC CIP

Standard Tree

Medium ImpactBES Cyber System·BCS · PCA · EACMS · PACS

Filter by Asset Type:

14 of 14 standards

Applicability:

MandatoryFully required for Medium BCS

Conditional (ERC)Required only with External Routable Connectivity (ERC)

PartialSome requirements apply (e.g., Control Centers only)

Not ApplicableNot in scope for this asset type

Asset Dots:

BCS/BCA

PCA

EACMS

PACS

Mandatory

Conditional (ERC)

Partial

N/A

Click any standard to view full details

Foundation

Starting Point

CIP-002-5.1a

BES Cyber System Categorization

2 reqs

Governance & Management

Policies & Oversight

CIP-003-8

Security Management Controls

5 reqs

Personnel & Access

People & Identity

CIP-004-7

Personnel & Training

5 reqs

Electronic & Physical Security

Perimeter Controls

CIP-005-7

Electronic Security Perimeters

3 reqs

CIP-006-6

Physical Security

3 reqs

System & Operations Security

Technical Controls

CIP-007-6

System Security Management

5 reqs

CIP-008-6

Incident Reporting & Response

3 reqs

CIP-009-6

Recovery Plans

3 reqs

CIP-010-4

Configuration Change Management

4 reqs

CIP-011-3

Information Protection

2 reqs

Specialized Requirements

Domain-Specific

CIP-012-1

Control Center Communications

1 reqs

CIP-013-2

Supply Chain Risk Management

2 reqs

CIP-014-3

Physical Security (Transmission)

6 reqs

CIP-015-1

Future

Internal Network Security Monitoring

2 reqs

Applicability Matrix

Medium Impact BES Cyber System Environment

BCS/BCAPCAEACMSPACS

Standard	Title	BCS/BCA	PCA	EACMS	PACS
`CIP-002-5.1a`	BES Cyber System Categorization	M	M	M	M
`CIP-003-8`	Security Management Controls	M	M	P	P
`CIP-004-7`	Personnel & Training	M	M	M	M
`CIP-005-7`	Electronic Security Perimeters	C	C	C	C
`CIP-006-6`	Physical Security	M	M	M	M
`CIP-007-6`	System Security Management	M	M	M	M
`CIP-008-6`	Incident Reporting & Response	M	M	M	N/A
`CIP-009-6`	Recovery Plans	M	M	M	M
`CIP-010-4`	Configuration Change Management	M	M	M	M
`CIP-011-3`	Information Protection	M	M	N/A	N/A
`CIP-012-1`	Control Center Communications	P	N/A	N/A	N/A
`CIP-013-2`	Supply Chain Risk Management	M	M	M	M
`CIP-014-3`	Physical Security (Transmission)	P	P	N/A	N/A
`CIP-015-1`	Internal Network Security Monitoring Future: 10/01/2028	C	C	C	C

MMandatory

CConditional (ERC)

PPartial

N/ANot Applicable

ERC = External Routable Connectivity