North American Electric Reliability Corporation (NERC)

What are NERC and CIP Security Compliance Standards?

NERC Reliability Standards define the reliability requirements for planning and operating the North American bulk power system. They are developed using a results-based approach that focuses on performance, risk management, and entity capabilities. The United States of America, Canada, and a part of Baja California in Mexico come under the responsibility of NERC, and power system operators in that region need to meet its security standards, which include network scanning for security vulnerabilities. For more information about NERC, see the NERC website.

The NERC Vital Infrastructure Protection (NERC-CIP) exists to improve the reliability of the vital bulk power SCADA systems that create and transport electricity around the continent. The objective of a NERC compliance program is to guarantee that the bulk electric system in North America is reliable, sufficient, and secure. It is insufficient to simply plan for natural disasters or accidents; the bulk power system should be planned, designed, constructed, and operated in a way that also takes into account modern threats to security, including attacks from cyber-criminals. NERC compliance programs are required to help prevent these attacks.

Who must be NERC-CIP compliant?

All bulk power system owners, operators, and clients must comply with NERC-approved Reliability Standards. These entities are required to register with NERC through the appropriate Regional Entity.

What are the NERC-CIP Security Standards?

It's crucial to keep the bulk power system safe from threats, which is why any bulk power system owner or operator must adhere to NERC compliance standards.
Following are the three vital security standards of NERC-CIP:

How does Nemasis help to achieve NERC-CIP?
Nemasis's vulnerability management suite automatically identifies all the vital cyber assets during a network scan. This scan can be scheduled daily, weekly, or monthly, and it can also be manually scheduled by the administrator. Nemasis-VA's policy management tool helps the administrator create new policies or standards for vital cyber assets, and it also lets the administrator create exceptions wherever they are important. It generates a detailed report for all the discovered vital cyber assets.
The administrator or security team needs to set up a process through which only the ports needed for normal and emergency operation remain open. Nemasis-VA uses its port scanner feature to identify all the open ports on a system and immediately report the potential risks or security-related network issues.
Nemasis-VA is a vulnerability assessment and management suite designed to precisely scan networks of any size. With the help of NVTs (Network Vulnerability Tests), CVEs (Common Vulnerabilities and Exposures), and the CERT, the vulnerability database, it is able to detect more than 49,000 vulnerabilities, and new vulnerabilities are added on a daily basis.
