Ampyx Cyber Blog

The Intersection of Regulation & Resilience

Using the Work of Others in NERC CIP and O&P Compliance
Deep Dive Patrick Miller Deep Dive Patrick Miller

Using the Work of Others in NERC CIP and O&P Compliance

The work of others lets you lean on someone else's assessment as compliance evidence. It does not transfer accountability. This breakdown maps the ERO guidance stack, the two-part test auditors apply, worked examples for CIP-013 vendor assessments and BCSI in the cloud, the FERC FY2025 findings on delegation gone wrong, and the audit prep questions to answer first.

Read More
FERC Staff Report Offers Lessons Learned from 2024 CIP Audits: What You Need to Know
Deep Dive Patrick Miller Deep Dive Patrick Miller

FERC Staff Report Offers Lessons Learned from 2024 CIP Audits: What You Need to Know

In its 2024 CIP audit report, the Federal Energy Regulatory Commission (FERC) shared critical lessons learned from the latest round of reliability audits, revealing key areas where NERC-registered entities can strengthen their security posture. While many organizations successfully met compliance requirements, the report highlighted specific gaps in asset categorization, control center segmentation, and data protection that could pose significant operational risks.

Read More
Understanding NERC's CIP-004-7 and CIP-011-3: A Deep Dive into BCSI Access, Cloud Challenges, and Encryption
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

Understanding NERC's CIP-004-7 and CIP-011-3: A Deep Dive into BCSI Access, Cloud Challenges, and Encryption

Stay ahead of the curve with a comprehensive overview of NERC's new Critical Infrastructure Protection (CIP) standards, CIP-004-7 and CIP-011-3, set to be effective from January 1st, 2024. Understand the pivotal changes concerning BES Cyber System Information (BCSI) access, the nuances of cloud BCSI, and the strategic choices around encryption.

Read More