Ampyx Cyber Blog
The Intersection of Regulation & Resilience
What Multi-Region Entities Need to Know About Coordinated Oversight in 2026
NERC's Coordinated Oversight Program lets multi-region entities consolidate compliance monitoring under one Lead Regional Entity, eliminating duplicate audits across six footprints. New for 2026: Category 2 GO/GOP eligibility opens May 15, annual asset verification becomes formal, periodic group reviews go standard. Breakdown of qualifications, modification paths, and audit prep questions.
Inside the ERPQ: How One Form Shapes Your Audit
NERC's Currently Compliant Episode 9 introduced the consolidated Entity Risk Profile Questionnaire (ERPQ). What the podcast did not draw is the bigger picture: with ICE eliminated and continuous internal controls evaluation now embedded across CMEP, the ERPQ is the entry point into how the ERO Enterprise sees you for every monitoring cycle.
CMEP Version 9: Maintenance on the Surface, Three Signals Underneath
NERC released CMEP Manual Version 9 on March 1, 2026. On the surface it is a maintenance release. Underneath, three signals matter: the Global Internal Audit Standards join the authoritative guidance stack, Rules of Procedure Appendix 4C moved, and a decade-old CIP Version 3 artifact got scrubbed from the Sampling Guide. None of it redraws CMEP. All of it reinforces v8's direction.
How CMEP Version 8 Reshapes NERC’s Compliance Model
The CMEP Version 8 does not rewrite NERC compliance, rather it stabilizes it. Building on years of evolution, the updated Manual reinforces risk-based oversight, professional judgment, technical competence, and enterprise consistency across all Reliability Standards. The result is a more mature, defensible compliance model that shapes how audits, enforcement, and reliability governance now operate.
From Spot Evaluations to Continuous Oversight: NERC’s New Internal Controls Model
NERC’s December 2025 ERO Enterprise Guide replaces the old ICE model with continuous, risk based internal control oversight embedded across CMEP and Joint Monitoring. This shift makes control design, evidence, and effectiveness a core driver of Compliance Oversight Plans (COPs), audit depth, and how the Regions measure compliance maturity.
ERO CMEP 2026: Oversight in the Age of Transformation
The Electric Reliability Organization’s (ERO) 2026 Compliance Monitoring and Enforcement Program Implementation Plan (CMEP) signals a new era in how risk-based oversight keeps pace with a rapidly transforming grid. Released in October, the plan refines NERC’s compliance priorities for the coming year, retiring Incident Response as a distinct risk element and introducing Grid Transformation as a central theme.
Strategic Value of Self-Reporting in NERC CIP Compliance
Self-reporting in NERC CIP isn’t a weakness. It’s a sign of maturity. Proactive disclosures build regulatory trust, reinforce internal controls, and empower compliance teams to improve. When done right, self-reporting signals ownership, not failure, and positions your program as resilient, transparent, and credible.