NERC & CIP

The North American Electric Reliability Corporation & Critical Infrastructure Protection

With Tehama you can leverage a SOC 2 Type II end-user compute environment and achieve and maintain regulatory compliance requirements for heavily regulated industries such as banking, financial services, health care, energy and utilities, insurance and government enterprises. The Tehama solution has 107 SOC 2 Type II controls built into the platform, saving you time and resources on your internal SOC 2 Type II audits.

NERC CIP logo

NERC & CIP

The North American Electric Reliability Corporation (NERC) is a non-profit international regulatory authority that oversees the effective and efficient reduction of risks to the reliability and security of the grid.

NERC develops and enforces Reliability Standards. NERC CIP v5 addresses cyber-related risks facing this sector by promoting organizations to categorize Bulk Electric Systems (BES) into high, medium, and low impact. Once categorized, BES assets can have appropriate Critical Infrastructure Protection (CIP) standards applied to address risks.

Tehama can help businesses comply with the following NERC cybersecurity standards:
CIP-005-5 CIP-007-6
Cyber Security - Electronic Security Perimeter(s) Cyber Security - System Security Management
This standard requires businesses "to manage electronic access to BES cyber systems by specifying a controlled Electronic Security Perimeter in support of protecting BES cyber systems against compromise that could lead to misoperation or instability in the BES."

This standard mainly focuses on the perimeter and efforts to address vulnerabilities encountered during remote access. The perimeter that houses all critical cyber assets should be protected and any and all access points be secured. Key components to this include, but are not limited to, the following: remote session encryption, multi-factor authentication, anti-malware updates, patch updates and using extensible authentication protocol (EAP) to limit access based upon roles.
This standard requires businesses to "to manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES cyber systems against compromise that could lead to misoperation or instability in the BES."

This requires that the business creates, implements and maintains processes and procedures for securing systems for both critical and non-critical cyber assets. This also means documenting security measures, including records of test procedures, ports and services, security patch management, and malicious software prevention.
Tehama can help businesses comply with the following NERC cybersecurity standards:
CIP-005-5
Cyber Security - Electronic Security Perimeter(s)
This standard requires businesses "to manage electronic access to BES cyber systems by specifying a controlled Electronic Security Perimeter in support of protecting BES cyber systems against compromise that could lead to misoperation or instability in the BES."

This standard mainly focuses on the perimeter and efforts to address vulnerabilities encountered during remote access. The perimeter that houses all critical cyber assets should be protected and any and all access points be secured. Key components to this include, but are not limited to, the following: remote session encryption, multi-factor authentication, anti-malware updates, patch updates and using extensible authentication protocol (EAP) to limit access based upon roles.
CIP-007-6
Cyber Security - System Security Management
This standard requires businesses to "to manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES cyber systems against compromise that could lead to misoperation or instability in the BES."

This requires that the business creates, implements and maintains processes and procedures for securing systems for both critical and non-critical cyber assets. This also means documenting security measures, including records of test procedures, ports and services, security patch management, and malicious software prevention.

Tehama’s secure perimeters and firewalls address vulnerabilities encountered during remote access.