Ampyx Cyber Blog

The Intersection of Regulation & Resilience

How CMEP Version 8 Reshapes NERC’s Compliance Model
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

How CMEP Version 8 Reshapes NERC’s Compliance Model

The CMEP Version 8 does not rewrite NERC compliance, rather it stabilizes it. Building on years of evolution, the updated Manual reinforces risk-based oversight, professional judgment, technical competence, and enterprise consistency across all Reliability Standards. The result is a more mature, defensible compliance model that shapes how audits, enforcement, and reliability governance now operate.

Read More
From Spot Evaluations to Continuous Oversight: NERC’s New Internal Controls Model
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

From Spot Evaluations to Continuous Oversight: NERC’s New Internal Controls Model

NERC’s December 2025 ERO Enterprise Guide replaces the old ICE model with continuous, risk based internal control oversight embedded across CMEP and Joint Monitoring. This shift makes control design, evidence, and effectiveness a core driver of Compliance Oversight Plans (COPs), audit depth, and how the Regions measure compliance maturity.

Read More