|    Account Log-In/Register    |    Contact Us
Compliance Guidance
A key factor in the success of compliance monitoring and enforcement of mandatory standards rests on a common understanding among industry and ERO Enterprise Compliance Monitoring and Enforcement Program (CMEP) staff of how compliance can be achieved and demonstrated. For many standards, this is straightforward. For others, a variety of approaches may achieve the same objective. 
In November 2015, the NERC Board of Trustees approved the Compliance Guidance Policy, located under Key Resources. Compliance Guidance under the Compliance Guidance Policy includes two types:
  • Implementation Guidance, which provides examples for implementing a standard; and
  • CMEP Practice Guides, which provide direction to ERO Enterprise CMEP staff on approaches to carry out compliance monitoring and enforcement activities.
Implementation Guidance is developed by industry and vetted through pre-qualified organizations. In order for an organization to become pre-qualified, a member of that organization must submit an application to the Compliance and Certification Committee. Vetted examples can then be submitted to the ERO Enterprise for endorsement, and, if endorsed, the ERO Enterprise would give the example deference during CMEP activities with consideration of facts and circumstances. Implementation Guidance would not prescribe the only approach to implementing a standard and entities may choose alternative approaches that better fit their situation.  Draft Implementation Guidance will be posted below while it is being considered for ERO Enterprise endorsement. Once the Implementation Guidance is endorsed, it will be moved to the ERO Enterprise-Endorsed Implementation Guidance section. Draft Implementation Guidance that does not receive ERO Enterprise endorsement will be removed.
CMEP Practice Guides are developed solely by the ERO Enterprise to reflect the independent, objective professional judgment of ERO Enterprise CMEP staff, and, at times, may be initiated following policy discussions with industry stakeholders. Following development, they are posted for transparency on the NERC website.
For additional information, please contact

 ERO Enterprise-Endorsed Implementation Guidance

CIP_Version_5_FAQ.pdfCIP Version 5 FAQ10/28/2016CIP
CIP-002-5.1_BES_Cyber_Assets_LL.pdfCIP-002-5.1 BES Cyber Assets Lessons Learned10/28/2016CIP
CIP-002-5.1_Communications_and_Networking_Cyber_Assets.pdfCIP-002-5.1 Communications and Networking Cyber Assets10/28/2016CIP
CIP-002-5.1_Far-end_Relay_LL.pdfCIP-002-5.1 Far-end Relay Lessons Learned10/28/2016CIP
CIP-002-5.1_Generation_Interconnection_LL.pdfCIP-002-5.1 Generation Interconnection Lessons Learned 10/28/2016CIP
CIP-002-5.1_Generation_Segmentation_LL.pdfCIP-002-5.1 Generation Segmentation Lessons Learned10/28/2016CIP
CIP-002-5.1_Grouping_of_BES_Cyber_Systems_LL.pdfCIP-002-5.1 Grouping of BES Cyber Systems Lessons Learned10/28/2016CIP
External_Routable_Connectivity_LL.pdfExternal Routable Connectivity Lessons Learned10/28/2016CIP
Mixed_Trust_EACMS_Authentication_LL.pdfMixed Trust EACMS Authentication Lessons Learned 10/28/2016CIP
TPL-007-1_Transformer_Thermal_Impact_Assessment_White_Paper.pdfTPL-007-1 Transformer Thermal Impact Assessment White Paper10/28/2016TPL
Vendor_Access_Management_LL.pdfVendor Access Management Lessons Learned 10/28/2016CIP
CIP-002-5.1_Standard_Application_Guide.pdfCIP-002-5.1 Standard Application Guide10/31/2016CIP
System_Operating_Limit_definition_and_Exceedance_Clarification_endorsed.pdfSystem Operating Limit Definition and Exceedance Clarification3/24/2017TOP
TPL-001-4_Standard_Application_Guide_endorsed.pdfTPL-001-4 Standard Application Guide3/24/2017TPL
CIP-014-2 R1 Guideline (NATF).pdfCIP-014-2 R1 Guideline (NATF)5/4/2017CIP
FAC-008-3 Standard Application Guide.pdfFAC-008-3 Standard Application Guide10/10/2017FAC
CIP-013-1-R1 Implementation Guidance.pdfCIP-013-1-R1-R2-R3 Implementation Guidance6/7/2017CIP
MOD-033-1 Methodology Reference Document.pdfMOD-033-1 Methodology Reference Document 8/7/2017MOD
CIP-004-6 R3 - NGOP Employee Access to TO Sites.pdfCIP-004-6 R3 - NGOP Employee Access to TO Sites10/10/2017CIP
CIP-010-3 R1.6 Software Integrity and Authenticity.pdfCIP-010-3 R1.6 Software Integrity and Authenticity2/8/2018CIP
CIP-014-2 R4 Evaluating Potential Physical Security Attack.pdfCIP-014-2 R4 Evaluating Potential Physical Security Attack2/8/2018CIP
CIP-002-5.1a R1 Shared Ownership of BES Facilities (CIPC).pdfCIP-002-5.1a R1 Shared Ownership of BES Facilities (CIPC)2/9/2018CIP

 ERO Enterprise-Endorsed Implementation Guidance for Inactive Reliability Standards

FAC-003-3_Standard_Application_Guide.pdfFAC-003-3 Standard Application Guide10/28/2016FAC

 CMEP Practice Guides

CMEP_Practice_Guide_Deference_for_Implementation_Guidance.pdfERO Enterprise CMEP Practice Guide: Deference for Implementation Guidance5/20/2016
CMEP_Practice_Guide_Phased_Implementation_Completion_Percentages.pdfCMEP Practice Guide Phased Implementation Completion Percentages3/24/2017

 Proposed Implementation Guidance

PRC-005-6 V2.1.pdfPRC-005-6 V2.13/10/2017PRC
CIP-014-2 R5 Developing and Implementing Physical Security Plans.pdfCIP-014-2 R5 Developing and Implementing Physical Security Plans10/10/2017CIP
TOP-001-3 R13 and IRO-008-2 R4 Real Time Assessment.pdfTOP-001-3 R13 and IRO-008-2 R4 Real Time Assessment1/8/2018TOP
CIP-002-5.1a R1 Voice Communications in a CIP Environment (CIPC).pdfCIP-002-5.1a R1 Voice Communications in a CIP Environment (CIPC)1/5/2018CIP

 Implementation Guidance Under Consideration

Implementation Guidance Under Consideration or Development Tracking.pdfImplementation Guidance Under Consideration or Development Tracking01/29/2018

 Non-Endorsed Implementation Guidance

Non-Endorsed Implementation Guidance Tracking.pdfNon-Endorsed Implementation Guidance Tracking2/8/2018

 Retired Implementation Guidance

Retired Implementation Guidance.pdfRetired Implementation Guidance05/08/2017

home | account log-in/register | legal and privacy/trademark policy | site map | careers | contact us

Atlanta Office | 3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560
Washington Office | 1325 G Street, NW Suite 600, Washington, DC 20005| 202-400-3000

Copyright 2016 North American Electric Reliability Corporation. All rights reserved.