New guide: Understanding NERC CIP compliance for power and utilities
As power and utility customers are experiencing digital transformation, they are looking to the cloud for ways to enhance support of their business and customers.
Our customers want to know more about security and resiliency using cloud and they are sensitive to their compliance obligations including those around North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP).
Accordingly, we are pleased to release the AWS User Guide to Support Compliance with NERC CIP Standards. Download the guide here.
Last month at 2020 DISTRIBUTECH International conference (DTECH), AWS hosted a panel discussion with two utility industry executives who shared their cloud journey experiences, and AWS discussed security and compliance in the cloud. They shared the value and opportunity that they see in cloud technology through robust data analytics, improved data reliability, and ready resiliency. Watch the panel.
The NERC CIP compliance obligations apply to US and Canadian entities, yet the security objectives embodied in the standards apply globally. The User Guide helps you understand how you can use cloud to meet your business and security objectives while also supporting your NERC CIP compliance program.
The discussion describes key concepts for customers considering CIP regulated workloads in the cloud:
- How customers inherit security of the cloud infrastructure.
- How independent certifications validate the security controls managed by AWS.
- How responsibilities are shared in managing and protecting workloads.
- How cloud can fulfill CIP security objectives for identity and access management, data protection, patching and vulnerability management, security event monitoring, incident response, resilience and system recovery, and physical security.
- Details on applicable AWS services and the associated shared responsibilities, by CIP standard and requirement (appendix).
The guide provides power and utility customers a path to get started planning their migration to the AWS Cloud and making cloud part of their CIP Compliance program.