Ampyx Cyber Blog

The Intersection of Regulation & Resilience

How CMEP Version 8 Reshapes NERC’s Compliance Model
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

How CMEP Version 8 Reshapes NERC’s Compliance Model

The CMEP Version 8 does not rewrite NERC compliance, rather it stabilizes it. Building on years of evolution, the updated Manual reinforces risk-based oversight, professional judgment, technical competence, and enterprise consistency across all Reliability Standards. The result is a more mature, defensible compliance model that shapes how audits, enforcement, and reliability governance now operate.

Read More
From Spot Evaluations to Continuous Oversight: NERC’s New Internal Controls Model
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

From Spot Evaluations to Continuous Oversight: NERC’s New Internal Controls Model

NERC’s December 2025 ERO Enterprise Guide replaces the old ICE model with continuous, risk based internal control oversight embedded across CMEP and Joint Monitoring. This shift makes control design, evidence, and effectiveness a core driver of Compliance Oversight Plans (COPs), audit depth, and how the Regions measure compliance maturity.

Read More
Strategic Value of Self-Reporting in NERC CIP Compliance
Deep Dive Patrick Miller Deep Dive Patrick Miller

Strategic Value of Self-Reporting in NERC CIP Compliance

Self-reporting in NERC CIP isn’t a weakness. It’s a sign of maturity. Proactive disclosures build regulatory trust, reinforce internal controls, and empower compliance teams to improve. When done right, self-reporting signals ownership, not failure, and positions your program as resilient, transparent, and credible.

Read More