case study

Mock Audit / Compliance Support

A large investor-owned utility with transmission and generation facilities in SERC needed to prepare for an audit. They called us.

The Beginning

NST began work in January 2019 and was tasked to assist with preparations for a CIP audit of high and medium impact BES Cyber Systems scheduled for the end of the year. In the spring, NST assisted in updating procedures, work instructions, templates, RSAWs, and other documentation. NST led a Mock Audit of only the high impact environment in May, with training provided to SMEs on tactics for responding to questions from SERC auditors. Any identified gaps became the foundation for continued efforts to improve the quality and cohesiveness of the CIP compliance materials. A Mock Audit was conducted of the business unit with medium impact generation plants over the summer. A Mock Audit of the combined high and medium impact environments occurred in the late fall, a few weeks before the SERC CIP Audit, again with training and guidance provided to SMEs.

Next Steps

NST led and performed the 2019 CVA of high impact BES Cyber Systems and associated Cyber Assets, augmenting a team of the client's new employees with senior technical experts from our full-time staff. The combined team collected information, reviewed and analyzed data, and produced both the CVA Report and CVA Action Plan. NST repeated its role in the 2020 CVA, reviewing the collected information for accuracy, completeness, and relevance and taking part in the creation of the CVA Report and CVA Action Plan. NST was subsequently asked to create an enterprise-wide procedure for performing a CVA as well as a “service delivery catalog” describing all assessment activities to be available from a centralized group.

A New Project

In 2020, in support of a proof-of-concept high impact control center consolidating control functions for three medium impact generation plants, NST performed two separate activities. The first was to ensure that evaluations of the impact on CIP-005 and CIP-007 controls for the network-layer devices were performed satisfactorily, with all evidence records clearly demonstrating those evaluations. Second, NST reviewed the proposed network architecture to ensure that network-layer devices were properly categorized per CIP-002 (BCA, EACMS, or PCA). This review also ensured that the vendor-proposed centralization guidance did not alter the categorization of individual Cyber Assets or the impact rating of the generation sites.

In 2021, NST started a review of the network architecture of a proposed permanent high impact control center for managing a larger number of generation sites. This review includes understanding additional vendor centralization solutions to ensure that neither the impact rating of the plants nor the categorization of individual Cyber Assets is negatively impacted.

Ongoing Support

Additionally, multiple NST consultants have temporarily filled vacancies as compliance analysts at a generation plant while permanent replacements were sought.
