noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

City of Berkeley, CA

Berkeley Police Department asks Motorists “To keep their heads on a[...]
Zoe Lofgren

Lofgren & Local Leaders Celebrate Nearly $2.5 Million in Federal[...]
CalciMedica Inc.

Statement of Changes in Beneficial Ownership - Form 4

Technology

FERC - Federal Energy Regulatory Commission

08/26/2024 | Press release | Distributed by Public on 08/26/2024 15:59

2024 Staff Report Lessons Learned from Commission-Led CIP Reliability Audits | News Release

FERC staff today offered recommendations to help users, owners and operators of the bulk electric system (BES) improve compliance with mandatory Critical Infrastructure Protection (CIP) reliability standards and overall cybersecurity postures.

The report, 2024 Lessons Learned from Commission-Led Reliability Audits, finds most of the registered entities' cybersecurity protection measures meet the mandatory requirements of the CIP reliability standards. The report identifies potential noncompliance and security risks that remain, and offers recommendations to mitigate those risks.

The annual report can help entities assess their risk and compliance with mandatory reliability standards while facilitating efforts to improve the broader security of the nation's electric grid. Staff from FERC's offices of Electric Reliability and Enforcement conducted the audits in collaboration with staff from the North American Electric Reliability Corporation and its regional entities.

The report discusses the following lessons:

Assess the risk to operations presented by associated Cyber Assets, such as electronic access control or monitoring systems, protected cyber assets and physical access control systems, and consider additional security controls beyond those that are required by their categorization (CIP-002-5.1a, R1).
Ensure logically segmented Control Centers at a single site location are evaluated as a single Control Center in BES Asset identification and categorization procedures (CIP-002-5.1a, R1).
Ensure that Cyber Asset baselines include all intentionally installed, commercially available software on each Cyber Asset, including browser extensions and stand-alone applications (CIP-010-4, R1.1.2).
Identify, monitor and implement controls to protect BES Cyber System Information (BCSI) to mitigate the risks posed by unauthorized disclosure and unauthorized access (CIP-011-2, R1).
Ensure the risks of unauthorized disclosure and unauthorized modification of real-time data transmitted between Control Centers within a single environment (Networks, electronic security perimeters) are identified and addressed (CIP-012-1, R1).

Sharing and Personal Tools

Please select the service you want to use: