NST began work in 2021 with a simple development of Internal Controls for CIP-004, CIP-007, and CIP-010. NST analyzed both documented and undocumented internal controls and produced an Internal Controls Matrix and Internal Controls Program Document, along with a “Test Plan” for the periodic review and evaluation of the controls. Following NST’s success with this limited scope, the project was rolled out to all other CIP Standards. Additionally, NST supported the development of an Internal Controls Framework which was subsequently used by the client to document and centralize NERC O&P controls independently of NST. NST was then hired to finalize and follow the Internal Controls Test Plan and record the results for remediation.
In 2022, NST was invited to support audit prep work and a mock audit in anticipation of a WECC CIP audit in 2023. NST conducted reviews of CIP audit materials, giving feedback on completeness, accuracy, and comprehensibility. NST engaged in several on-site walkdowns and delivered NST’s “CIP 102” training seminar (Audit Witness Success Module) to client SMEs. Finally, NST assisted the client through the CIP audit process in real time by collaborating with SMEs to strategize on the optimal presentation of evidence.
Soon after, NST was hired to facilitate a CIP-002 Categorization project for two new networks to support EMS/SCADA control systems as part of a “digitization” effort to modernize the client’s portfolio of BES transmission facilities. NST provided options for the design of each network, which would influence NERC CIP obligations, and then worked with client SMEs to identify and categorize all BES Cyber Assets. NST then generated the asset lists, inventories, and diagrams necessary for CIP-002 compliance.
Recently, NST has been employed to support the client with CIP compliance across the board for the replacement of an EMS system. NST developed a “compliance checklist” to facilitate the rollout of the new system, reviewed and assessed all applicable procedures and documentation, and collaborated with the EMS vendor to support compliance.