case study

Teaching an SME to CIP

Self-Report Support

In 2022, after identifying numerous large-scale issues across its NERC CIP compliance program, this organization decided to initiate a full program overhaul. The organization called upon NST to support the long list of program areas in need of improvement, including:

· CIP-002 asset categorization,
· CIP-005 firewall configurations,
· CIP-006 physical security,
· CIP-008 incident response,
· CIP-010 baseline configurations, and
· CIP-013 Supply Chain Risk Management.

With such a broad scope of remediation items, NST and the organization worked to develop an efficient, repeatable framework to ensure that no area was overlooked. NST began with a high-level review of the program’s current state, during which gaps between the organization’s program and the NERC CIP Standards were grouped into three categories:

· Activities which were neither performed nor documented,
· Documented activities that were not being performed, and
· Undocumented activities that were being performed in alignment with the NERC CIP Standards.

By categorizing the gaps in this way, the organization was able to take credit for existing activities or documentation that supported a positive compliance posture. NST and the organization collaborated to develop Self-Reports. NST led Extent of Condition (EOC) and Root Cause Analysis (RCA) as well as the development of mitigation activities and milestones.

 

Program Redevelopment and Technical Writing

NST and this organization collaborated to create or update documentation, ensuring that new programs:

· Correctly outline the actual performance of processes,
· Identify Internal Controls ensuring that processes are completed, and
· Are easy to follow, well-organized, and describe actual processes without duplicating the language of the NERC CIP Standards.

NST provided ongoing project management support throughout implementation. NST and client SMEs shared ownership of new program elements and collaborated closely to socialize changes across the organization, ensuring the resulting processes were both accurate and sustainable.

 

Training Development

To educate SMEs on newly revised policies, procedures, and work instructions, NST developed a series of fully customized training modules. The modules highlighted information important for SMEs at each impact rating, and the series included a dedicated CIP-013 module and a rewrite of the organization’s annual NERC CIP Training. NST incorporated these training materials into the organization’s LMS.

 

Continued Partnership

NST transitioned ownership and management of the newly developed program to the client. NST’s ongoing engagement now supports the ebb and flow of compliance activities including the Annual VA, tabletop exercises, and periodic audit cycles.
