Ampyx Cyber Blog
The Intersection of Regulation & Resilience
Foundations for OT Cybersecurity: From Inventory to Impact
CISA’s new OT asset-inventory guidance puts structure behind “know your system.” This post translates it into action: a practical, prioritized field set and taxonomy you can implement now. We added a lightweight BIA overlay that links asset criticality to mission impact. We also show where to emphasize configuration baselines, change control, and logging to improve monitoring and decision quality.
NERC CIP-002 Standards Authorization Request - Project 2021-03
NERC’s CIP-002 Project 2021-03 (Phase 2) introduces key updates to improve clarity and consistency in identifying and classifying BES Cyber Systems. The revisions address long-standing ambiguities by clarifying functional entity roles, refining the treatment of communication protocol converters, revising Criterion 1.3 to establish objective criteria for high-impact control centers, and expanding Criterion 2.6 to include control centers operated by Generator Operators and Transmission Owners. These changes aim to eliminate gaps in protection, align risk-based categorizations across all entities, and support more consistent compliance with CIP standards.
FERC Staff Report Offers Lessons Learned from 2024 CIP Audits: What You Need to Know
In its 2024 CIP audit report, the Federal Energy Regulatory Commission (FERC) shared critical lessons learned from the latest round of reliability audits, revealing key areas where NERC-registered entities can strengthen their security posture. While many organizations successfully met compliance requirements, the report highlighted specific gaps in asset categorization, control center segmentation, and data protection that could pose significant operational risks.
Ask An Expert
GOT A TOUGH QUESTION?
Sometimes you just need to phone a friend. Ask us anything, any time. You don’t need to be an existing or prospective client. No cost, no hassle and no commitment. We will not put you on a contact list and our sales team won’t harass you. We will always respect your privacy. We promise. Just real answers from real experts for real problems.