NERC CIP

  • CIP V5 Titles Available:
    • CIP V5 Base Training – Cyber Security
    • CIP V5 Information Handling
    • CIP V5 Electronic Access Controls
    • CIP V5 Physical Access Controls Including Visitor Management
    • CIP V5 Cyber Security Incidents, Response and Recovery
    • CIP V5 Condensed Responsive Course
    CIP V3 Titles Available:
    • CIP V3 Standards Overview Course
    • Individual CIP V3 Standards Courses 
    • CIP V3 Standards Awareness For Entities – SAFE Course
    • CIP V3 Standards Refresher Course
    • Quarterly Security Safety Awareness Poster
    • Quarterly Security Awareness Newsletter

NERC CIP SECURITY E-LEARNING SERIES

The primary objective of this education series is to present contemporary security content in a new and exciting way. The courses provide an engaging learning experience that incorporates text, voice, video, animation, simulation, interactive sessions, testing and time-stamped reporting.

The NERC CIP Security E-Learning Series is a complete awareness and training program that promotes, maintains and reinforces critical security principles. The program incorporates not only training, but also a variety of other security awareness aides such as company branded posters and newsletters.

VERSION 5 – Keeping the training content updated and relevant is critical to the success of any CIP security program. The NERC CIP programs are now available in the new V5 format to meet new mandated compliance in the industry. Also available is a new condensed module covering all CIP requirements.

All courses can be easily customized to include your organization’s unique policies, processes and procedures. The customization process is as simple as entering your content into our PowerPoint template, then saving and sending it to us for integration into your course. Easily include graphics, links to your PDF’s, or intranet documents to present your procedures for compliance. Use as many slides as required. Customization is typically completed in a three to four day turn around time.

All courses can dynamically deliver training content based on an individual’s role, group or location. Courses can be delivered to address multiple processes for each CIP requirements at multiple sites. In addition, all courses will allow clients to tag their content pages based on whether the student needs to review the content according to their specific role requirements.

Courses can be hosted on our robust behavioral Learning Management System (LiMS) to manage your course curriculum or on your corporate LMS. Our LiMS features allow Assign, Manage, Track and Report course completions with time-stamped confidence. Administrators, Trainers and Managers can send out individual or group email reminders to employees on training. Training results can be easily exported to an Excel Spreadsheet. These courses will additionally capture ALL student interactions with each course and provide a full analysis of the training experience of each student AND the implied efficacy of the course in increasing the level of understanding and awareness of the course topics. Companies will have the ability to review individual performances and to identify the challenges and successes of students and courses. This will assist companies recognize which concepts may need to be addressed further and whether they may need to enhance their own content within the course. These metrics can provide real Business Intelligence to an organization to help them address cultural or compliance behaviors.

CIP V5 Courses Include:
  • Base Training – Cyber Security
  • Information Handling
  • Electronic Access Controls
  • Physical Access Controls (Includes Visitor Management)
  • Cyber Security Incidents, Response and Recovery
Features include:
  • Fully customizable to include your logo, policies, processes, procedures and links to internal and external documents
  • AICC, SCORM 1.2 and SCORM 2004 Compliant
  • Maintenance, Update and Support Program
  • Courses are hosted on our LiMS or self-hosted on your internal LMS
  • Customization support available
  • Time-stamped reporting
  • Deliver custom content to multiple sites, groups, individuals
  • Bookmarking
  • Printable pages for future reference
  • Interactive knowledge checks to reinforce presented content
  • Technical tips
  • Penalty level alerts
  • Customizable test questions
  • Printable Certificate of Course Completion
  • Full schematics provided for customization content
  • Role-based tagging capabilities
  • Training impact analysis capability to capture student training experience
  • Voice enabling or disabling feature
  • Capturing of multiple training experiences
  • Expanded administrator control for database changes
  • Capturing of students decision-making path
  • Student remediation and re-testing for topic retention

CIP V5 BASE TRAINING – CYBER SECURITY

Course Outline:
  • Cyber Security defined
  • The Risks and Rewards of Interconnectivity
  • “Entity” Policy Statement
  • Passive Access Points
  • Passwords
  • Internet Usage (Email Security; Social Media)
  • Smartphones
  • External Devices (Removable Media; Transient Devices; Cloud Storage)
  • Anti Virus
  • Event Handling
  • Assessment
  • Summary

CIP V5 INFORMATION HANDLING

Course Outline:
  • BES Cyber System Information (BESCSI)
  • “Entity” Policy Statement
  • Classification of BES Cyber System Information (BESCSI)
  • BESCSI vs Critical Energy Infrastructure Information (CEII)
  • Storage – Required Practices
  • In Transit – Required Practices (Transport; Transmission)
  • Active Use – Required Practices
  • Destruction – Required Practices
  • Redeployment– Required Practices
  • Event Handling & Logging
  • Assessment
  • Summary

CIP V5 ELECTRONIC ACCESS CONTROLS

Course Outline:
  • How is Electronic Access defined? (Onsite; Remote)
  • “Entity” Policy Statement
  • Access Rights Management (Granting Access; Monitoring Access Needs; Compliance)
  • Interactive Remote Access (Defined; Routable Protocols; Controls)
  • Access Authentication Failure (Access Denial; Access Suspension; Access Restoration; Access Revocation)
  • Policy Reviews & Change Management
  • Assessment
  • Summary

CIP V5 PHYSICAL ACCESS CONTROLS INCLUDING VISITOR MANAGEMENT

Course Outline:
  • How is Physical Access defined?
  • Who is covered? (Employees; Contractors; Vendors; Visitors)
  • “Entity” Policy Statement
  • Access Rights Management (Granting Access; Monitoring Access Needs; Compliance)
  • Secured Areas (Defined; Identified; Controls)
  • Access Authentication Failure (Access Denial; Access Suspension; Access Restoration; Access Revocation)
  • Policy Reviews & Change Management
  • Assessment
  • Summary

CIP V5 CYBER SECURITY INCIDENTS, RESPONSE AND RECOVERY

Course Outline:
  • Cyber vs. Physical (Internal; External)
  • “Entity” Policy Statement (Prevention; Monitoring; Minimization; Mitigation)
  • Incident Identification (Actual Vs Suspected; Vandalism; Willful Acts; Cybercrime)
  • Incident Classification (Response Plan and Process)
  • Reporting/Communication Requirements (Internal and External Resources)
  • Recovery Processes (Documentation; Review; Change Management; Validation)
  • Assessment
  • Summary
CIP V3 Courses and Products Include:
  • CIP V3 Standards Overview Course
  • Individual CIP V3 Standards – 9 Intensive Courses – CIP 001 – 009
  • Standards Awareness For Entities – SAFE Course
  • CIP V3 Standards Refresher Course
  • Quarterly Security Safety Awareness Poster
  • Quarterly Security Safety Awareness Newsletter

CIP V5 CONDENSED RESPONSIVE COURSE – COVERS ALL REQUIREMENTS

The new 45 minute CIP V5 condensed training course incorporates text, voice, video, animation, simulation, interactive sessions, testing and reporting features. The module can be hosted on your organization’s LMS or our robust LiMS.

Topics include:

  • Base Training – Cyber Security
  • Information Handling
  • Electronic Access Controls
  • Physical Access Controls (Includes Visitor Management)
  • Cyber Security Incidents, Response and Recovery

The course has been designed to effectively run on all devices including desktops, smart phones and tablets.

A Certificate of Course Completion is provided for each student.

CIP V3 STANDARDS OVERVIEW COURSE

The CIP Standards Overview Course highlights ALL Requirements in each CIP 001-009. Designated pages display company specific policies and procedures for compliance. The course allows for the inclusion of company specific test questions. Runs from your LMS or ours to provide time-stamped student completion records.
Course Run-Time: 40 – 60 minutes.

Course Outline
  • Opens with information about the need for vigilance regarding cyber- security threats.
  • On-screen Instructor reviews course content and reasons for course participation. Simulates a live classroom setting
  • General knowledge checks throughout the course are interactive and reinforce presented content.
  • The Main Menu visually tracks progress through the course and is a helpful tool for time management.
  • An on-screen Instructor introduces each “Chapter” or CIP by presenting background information about the Standard.
  • The individual Requirements of each CIP are displayed, presenting the mandates points for compliance.
  • Violation Severity Levels are presented with an interactive scenario challenge to demonstrate possible real-life challenges to cyber security.
  • Displays Your Process, content and documents for compliance with each Standard. This page is the link to customize the training with your site specific content.
  • A quiz on general information and company specific content reinforces knowledge and determines comprehension.
  • Successful quiz completion is required to continue and complete the course.
  • A Summary concludes each “Chapter” or CIP prior to returning to the Menu for the next topic.

INDIVIDUAL CIP V3 STANDARDS – INTENSIVE COURSES

Each of the nine individual CIP courses are presented as a complete course, with in-depth information on each Requirement, Measurement and Compliance mandate. Designated pages display company specific procedures for compliance. The course allows for the inclusion of company specific test questions. Runs from your LMS or ours to provide time-stamped student completion records.
Course Run-Time: 45 – 75 minutes

Course Outline
  • An on-screen Instructor presents background information on the specific CIP Standard.
  • An overview of the requirements present the scope of the CIP content.
  • Core content of the Standard and importance of an agreed upon definition in order to meet the Requirements.
  • The Purpose Statement of the Standard is defined by the actions necessary for compliance. Page interaction is engaging!
  • A Main Menu lists each Requirement of the CIP. Each presents detailed information and must be selected to complete the course.
  • A summary of specific Requirements, Measurements, Compliance Information and possible Audit Issues is included
  • Your custom Policies and Processes for each Requirement of the CIP can be easily added. ALL MUST be viewed before moving forward in the course.
  • Interactive Scenario presentation of compliance issues and violation penalties. Correct information is reinforced on the next page.
  • Challenges of current issues in meeting Requirements of the Standard.
  • Additional issues impacting your response tactics: such as regional differences in interpretation.
  • Violation Severity Levels, formerly “Levels of Non-Compliance”, along with possible penalties.
  • A summary of the CIP before returning to the Menu to continue in the course.
  • A quiz on general information and company specific content reinforces knowledge and determines comprehension.
  • Upon completion, both score and status are reported to the Learning Management System. A Certificate of Completion may be printed.

CIP V3 STANDARDS AWARENESS FOR ENTITIES – SAFE COURSE

The Standards Awareness For Entities – Safe Course includes descriptions of FERC, NERC, Regional Entities, and definitions of ALL the Standards: BAL through VAR to educate all staff members about these agencies, the programs they enforce and the importance of Standardization.

Course Run-Time: 30 minutes

Course Outline:
  • Information on the Federal Energy Regulatory Commission.
  • Information on the North American Electric Reliability Corporation including the formation of the agency.
  • Regional Entities are defined and their role in enforcement discussed.
  • Real-life examples demonstrate the benefits of standardization in preventing disasters.
  • Vulnerabilities of the power grid and implications for the country.
  • The role of ANSI in structuring the Standards.
  • All Standards that are mandated by NERC. Each is required viewing to continue in the course.
  • Template format of the Reliability Standard as a key to understanding the inter-dependence of all components/requirements.
  • Specific elements of the Standards in an interactive and informative presentation.
  • Possible repercussions of non- compliance and steps to prepare for an audit.
  • Violation Penalty Matrix demonstrates how penalties are targeted for specific violations.
  • The need to “prove the negative”, possible types of audits, Penalty Guidelines, and levels of cooperation for compliance.
  • Course does NOT currently report completion to an LMS and does not have a quiz. These elements are possible for future versions or upon request.

CIP V3 STANDARDS REFRESHER COURSE

The CIP Standards Refresher course is a shortened version of the CIP Standards Overview Course designed for returning students. Your custom content will continue to present in the Refresher Course from the “light bulb icon” in the course, exactly as presented in the Overview Course.

Course Run-Time: 30 minutes

Course Outline:
  • Opens with information about the need for vigilance regarding cyber- security threats.
  • On-screen Instructor reviews course content and reasons for course participation. Simulates a live classroom setting.
  • General knowledge checks throughout the course are interactive and reinforce presented content.
  • The Main Menu visually tracks progress through the course and is a helpful tool for time management.
  • The individual Requirements of each CIP are displayed, presenting the mandates points for compliance.
  • Violation Severity Levels are presented with an interactive scenario challenge to demonstrate possible real-life challenges to cyber security.
  • Displays Your Process, content and documents for compliance with each Standard. This page is the link to customize the training with your site specific content.
  • A quiz on general information and company specific content reinforces knowledge and determines comprehension.
  • Successful quiz completion is required to continue and complete the course.
  • A Summary concludes each “Chapter” or CIP prior to returning to the Menu for the next topic.

NERC CIP SECURITY AWARENESS POSTER PROGRAM

The NERC CIP Security Awareness Poster Program provides an eye-catching communications solution to satisfy the requirements of the CIP-004 R1 Compliance Standard for utilities, municipalities and cooperatives. Each electronic poster contains security based topics informing employees on various elements of proper security practices to help increase awareness and adoption of compliance with current standards.
Our team works closely with your organization to customize each poster’s message to meet your specific requirements for your environment and culture.
Customized general Security Awareness Posters are also available for all other organizations.

Benefits
  • Consistent message delivery to all employees
  • Message accessible 24/7 via company intranet access
  • Visible message can be displayed in high traffic areas in any office or plant environment
  • Demonstrates commitment to security
  • Year round awareness
  • Eye catching to increase awareness and compliance with current standards
  • Uniform and efficient presentation
  • Helps increase widespread adoption of security practices within any organization
  • Base Training – Cyber Security
  • Information Handling
  • Electronic Access Controls
  • Physical Access Controls (Includes Visitor Management)
  • Cyber Security Incidents, Response and Recovery

NERC CIP SECURITY SAFETY AWARENESS NEWSLETTER PROGRAM

Each quarter a new DOWNLOADABLE Security Awareness Newsletter in PDF format is released. Each bulletin is branded with Customer company logo and is ready to print and distribute in any environment – electronically or in print format.

The NERC CIP Security Awareness Newsletter Program provides an eye-catching communications solution to satisfy the requirements of the CIP-004 R1 Compliance Standard for utilities, municipalities and cooperatives. Each electronic bulletin contains security based topics informing employees on various elements of proper security practices to help increase awareness and adoption of compliance with current standards.

Our team works closely with your organization to customize each newsletter’s message to meet your specific requirements and include a perfect fit for your environment and culture.

Customized general Security Awareness Newsletters are also available.

Features
  • Branded with company logo
  • Customizable to fit your environment and culture
  • Includes security based topics
  • Interesting and informative presentation
  • Full colour
  • High resolution
  • Alluring graphics
  • Downloadable as a PDF
  • Printable up to 11′ X 17″
  • Monthly and quarterly subscriptions available
Benefits
  • Consistent message delivery to all employees
  • Message accessible 24/7 through company intranet access
  • Visible message can be displayed in high traffic areas in any office or plant environment
  • Demonstrates commitment to security
  • Year round awareness
  • Eye catching to increase awareness and compliance with current standards
  • Uniform and efficient presentation
  • Helps increase widespread adoption of security practices within any organization

NERC CIP STANDARDS CLASSROOM TRAINING

Delivered on-site, a fully customized and comprehensive NERC CIP Standards Classroom Training Course, providing face-to-face instruction and support by our team of highly experienced Security Specialists. The comprehensive program covers all NERC CIP Standard requirementss. The NERC CIP Information Security E-learning Series can be effectively utilized to supplement the instructor-led training program to reinforce all concepts learned in the classroom. Course Completion Certificates are also included in the program.