Perle NERC CIP Compliance Solutions

The North American Electric Reliability Corporation (NERC) standards are a set of mandatory cybersecurity standards designed to protect the critical infrastructure of the power grid. NERC establishes and plays a crucial role in overseeing compliance with Critical Infrastructure Protection (CIP) standards to ensure the security and reliability of the North America Bulk Electric System (BES) systems. The key aspects of the NERC CIP standards are:

  1. Scope: The standards apply to utility companies and other entities involved in the operation of the North American power grid.
  2. Requirements: NERC CIP standards cover various aspects of cybersecurity, including physical security, electronic security, and personnel training.
  3. Standards Range: The standards are numbered CIP-001 through CIP-009, each addressing different areas of infrastructure protection.
  4. Compliance: Entities must comply with these standards to ensure the reliability and security of the power grid. Non-compliance can result in significant penalties.

These standards, and similar frameworks like EPCIP in Europe and NCIP in Australia, are essential for maintaining the integrity and security of the power grids by safeguarding it against both physical and cyber threats. Achieving NERC CIP compliance requires not only the right products but also the full commitment of the entire organization in conjunction with a robust infrastructure setup.

Perle offers numerous products with features and configuration options to simplify securing critical infrastructure assets and help ensure your critical infrastructure complies with NERC CIP standards. Deploying the PerleVIEW Central Management Platform along with selected Perle hardware products will also simplify the process.

Perle product NERC CIP compliance details:

NERC CIP Requirement IOLAN SCR Console Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SCRs can be uniquely identified by Serial Number, MAC address, and IMEI
  • PerleVIEW can uniquely identify IOLAN SCRs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, WireGuard, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
  • Serial ports can be used to detect and set alarms
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • LACP
  • WAN/Port fallback
  • Network Health
  • ZTP
  • Various primary and backup services like Alternate Host and PerleVIEW
  • Dual AC Power Inputs
NERC CIP Requirement IOLAN SCG Console Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SCGs can be uniquely identified by Serial Number, MAC address, and IMEI (if SCG with cellular option)
  • PerleVIEW can uniquely identify IOLAN SCGs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular or Modem with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular or Modem with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • LACP
  • WAN/Port fallback
  • Network Health
  • ZTP
  • Various primary and backup services like Alternate Host and PerleVIEW
  • Dual AC or Dual DC Power Inputs
NERC CIP Requirement IOLAN SDSC HV/LDC Terminal Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SDSC HV / LDC can be uniquely identified by Serial Number and MAC address
  • Perle Device Manager can uniquely identify IOLAN SDSCs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Modem with callback support
  • Access is protected as the default configuration
  • 2FA support through AAA
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Modem with callback support
  • Restricted modem access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS, LDAP, NIS, SecurID and Kerberos
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • IPSEC, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email and SNMP
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • Primary and backup redundant network path
  • Various primary and backup services like Alternate Host
  • Dual DC Power Inputs
NERC CIP Requirement IRG Cellular Router Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IRG Routers can be uniquely identified by Serial Number, MAC address, and IMEI
  • PerleVIEW can uniquely identify IRG Routers
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
  • GPIO, I/O, and serial ports can be used to detect and set alarms
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
  • GPIO & I/O events reporting
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • WAN/Port fallback
  • Network Health
  • Various primary and backup services like Alternate Host and PerleVIEW
  • ZTP
NERC CIP Requirement IDS-710 Switch Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IDS managed switches can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify IDS managed switches
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+ and RADIUS alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
  • Relay & I/O events reporting
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • Primary/Backup redundant network path like MRP (Media Redundancy Protocol - IEC 62439-2), Perle’s P-Ring protocol and link Standby
  • PerleVIEW
  • Dual DC Power Inputs
NERC CIP Requirement Fiber Media Converter Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • Perle Managed Media Converters can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify Perle Managed Media Converters
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through Radius
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA Password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • PerleVIEW
  • Dual AC or Dual DC Power Inputs
NERC CIP Requirement Ethernet Extender Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • Perle Managed Ethernet Extenders can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify Perle Managed Ethernet Extenders
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through Radius
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA Password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • PerleVIEW
  • Dual AC or Dual DC Power Inputs

Hi!

Have a Question? Chat with a live Product Specialist!

Have a Question?

We can provide more information about our products or arrange for a price quotation.


email-icon Send an Email
contactus-icon Send an Email callus-icon Call Us
×

Send us an Email