
NERC CIP MANDATES PRIVILEGE MANAGEMENT BEST PRACTICES

Do your privilege management practices stack up to NERC CIP requirements?

Energy and utility companies in the United States must comply with cyber security requirements outlined in the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) plan.

NERC CIP includes strict access control requirements over utility generation and distribution systems to protect critical infrastructure from external cyber threats as well as malicious insiders. All electronic access must be logged, monitored and archived in order to audit privileged user activity.


See How Thycotic’s Software Solution Maps to NERC CIP Privilege Management Requirements

NERC CIP REQUIREMENT Helps Meet
Cyber security training
Verify all user accounts, user account groups, or user role categories, and their specific, associated privileges are correct.
Implement access revocation program(s).
Require inbound and outbound access permissions, including the reason for granting access, and deny all other access by default.
Require multi-factor authentication for all Interactive Remote Access sessions.
Deploy method(s) to deter, detect, or prevent malicious code.
Generate alerts for security events, at a minimum: detected malicious code and detected failure of event logging.
Enforce authentication of interactive user access. Identify individuals who have authorized access to shared accounts. Change known default passwords.