New Compliance Guide: NERC CIP standards for BES Cyber System Information on AWS
Amazon Web Services (AWS) is pleased to release a new Compliance Guide to help support customers who are subject to the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards for BES Cyber System Information (BCSI). Download the guide here. The Compliance Guide helps utility companies understand options for designing and deploying AWS Cloud solutions and architectures to protect their BCSI.
In December 2021, the Federal Energy Regulatory Commission (FERC) approved the revised CIP-004-7 and CIP-011-3 standards. The approved revisions modified the CIP requirements for protecting BCSI to provide a path to modern third-party data storage and analysis systems, including cloud technology. These changes allow entities to store, transmit, and use BCSI in the cloud when security and compliance controls are in place and can be demonstrated during a compliance-monitoring and enforcement process.
The Compliance Guide describes key concepts for customers who are considering BCSI workloads on AWS:
- electronic technical methods to protect and securely handle BCSI, including logical isolation and encryption
- administrative methods to protect electronic BCSI, including independent certifications and customer and service-level agreements
- methods for authorizing, verifying, and removing provisioned access to BCSI
- AWS automation mechanisms to support governance and compliance at scale
- AWS resources, including an AWS NERC CIP BCSI Reference Architecture, Operational Best Practices for NERC CIP BCSI Conformance Pack, and two example BCSI use cases.