NERC CIP
Standard Tree
Filter by Asset Type:
14 of 14 standards
Applicability:
Mandatory
Conditional (ERC)
Partial
Not Applicable
Asset Dots:
BCS/BCA
PCA
EACMS
PACS
Mandatory
Conditional (ERC)
Partial
N/A
Click any standard to view full details
Foundation
Starting Point
CIP-002-5.1a
BES Cyber System Categorization
B
P
E
PA
2 reqs
Governance & Management
Policies & Oversight
CIP-003-8
Security Management Controls
B
P
E
PA
5 reqs
Personnel & Access
People & Identity
CIP-004-7
Personnel & Training
B
P
E
PA
5 reqs
Electronic & Physical Security
Perimeter Controls
CIP-005-7
Electronic Security Perimeters
B
P
E
PA
3 reqs
CIP-006-6
Physical Security
B
P
E
PA
3 reqs
System & Operations Security
Technical Controls
CIP-007-6
System Security Management
B
P
E
PA
5 reqs
CIP-008-6
Incident Reporting & Response
B
P
E
PA
3 reqs
CIP-009-6
Recovery Plans
B
P
E
PA
3 reqs
CIP-010-4
Configuration Change Management
B
P
E
PA
4 reqs
CIP-011-3
Information Protection
B
P
E
PA
2 reqs
Specialized Requirements
Domain-Specific
CIP-012-1
Control Center Communications
B
P
E
PA
1 reqs
CIP-013-2
Supply Chain Risk Management
B
P
E
PA
2 reqs
CIP-014-3
Physical Security (Transmission)
B
P
E
PA
6 reqs
CIP-015-1
Future
Internal Network Security Monitoring
B
P
E
PA
2 reqs

Applicability Matrix

Medium Impact BES Cyber System Environment

BCS/BCAPCAEACMSPACS
StandardTitleBCS/BCAPCAEACMSPACS
CIP-002-5.1a
BES Cyber System Categorization
MMMM
CIP-003-8
Security Management Controls
MMPP
CIP-004-7
Personnel & Training
MMMM
CIP-005-7
Electronic Security Perimeters
CCCC
CIP-006-6
Physical Security
MMMM
CIP-007-6
System Security Management
MMMM
CIP-008-6
Incident Reporting & Response
MMMN/A
CIP-009-6
Recovery Plans
MMMM
CIP-010-4
Configuration Change Management
MMMM
CIP-011-3
Information Protection
MMN/AN/A
CIP-012-1
Control Center Communications
PN/AN/AN/A
CIP-013-2
Supply Chain Risk Management
MMMM
CIP-014-3
Physical Security (Transmission)
PPN/AN/A
CIP-015-1
Internal Network Security Monitoring
Future: 10/01/2028
CCCC
MMandatory
CConditional (ERC)
PPartial
N/ANot Applicable
ERC = External Routable Connectivity