Compliance Guidance
A key factor in the success of compliance monitoring and enforcement of mandatory standards rests on a common understanding among industry and ERO Enterprise Compliance Monitoring and Enforcement Program (CMEP) staff of how compliance can be achieved and demonstrated. For many standards, this is straightforward. For others, a variety of approaches may achieve the same objective. 
In November 2015, the NERC Board of Trustees approved the Compliance Guidance Policy, located under Key Resources. Compliance Guidance under the Compliance Guidance Policy includes two types:
  • Implementation Guidance, which provides examples for implementing a standard; and
  • CMEP Practice Guides, which provide direction to ERO Enterprise CMEP staff on approaches to carry out compliance monitoring and enforcement activities.
Implementation Guidance is developed by industry and vetted through pre-qualified organizations. In order for an organization to become pre-qualified, a member of that organization must submit an application to the Compliance and Certification Committee. Vetted examples can then be submitted to the ERO Enterprise for endorsement, and, if endorsed, the ERO Enterprise would give the example deference during CMEP activities with consideration of facts and circumstances. Implementation Guidance would not prescribe the only approach to implementing a standard and entities may choose alternative approaches that better fit their situation.  Draft Implementation Guidance will be posted below while it is being considered for ERO Enterprise endorsement. Once the Implementation Guidance is endorsed, it will be moved to the ERO Enterprise-Endorsed Implementation Guidance section. Draft Implementation Guidance that does not receive ERO Enterprise endorsement will be removed.
CMEP Practice Guides are developed solely by the ERO Enterprise to reflect the independent, objective professional judgment of ERO Enterprise CMEP staff, and, at times, may be initiated following policy discussions with industry stakeholders. Following development, they are posted for transparency on the NERC website.
For additional information, please contact
CIP_Version_5_FAQ.pdfCIP Version 5 FAQ10/28/2016CIP
CIP-002-5.1_BES_Cyber_Assets_LL.pdfCIP-002-5.1 BES Cyber Assets Lessons Learned10/28/2016CIP
CIP-002-5.1_Communications_and_Networking_Cyber_Assets.pdfCIP-002-5.1 Communications and Networking Cyber Assets10/28/2016CIP
CIP-002-5.1_Far-end_Relay_LL.pdfCIP-002-5.1 Far-end Relay Lessons Learned10/28/2016CIP
CIP-002-5.1_Generation_Interconnection_LL.pdfCIP-002-5.1 Generation Interconnection Lessons Learned 10/28/2016CIP
CIP-002-5.1_Generation_Segmentation_LL.pdfCIP-002-5.1 Generation Segmentation Lessons Learned10/28/2016CIP
CIP-002-5.1_Grouping_of_BES_Cyber_Systems_LL.pdfCIP-002-5.1 Grouping of BES Cyber Systems Lessons Learned10/28/2016CIP
CIP-002-5.1_Standard_Application_Guide.pdfCIP-002-5.1 Standard Application Guide10/31/2016CIP
CIP-013-1-R1 Implementation Guidance.pdfCIP-013-1-R1-R2-R3 Implementation Guidance6/7/2017CIP
CIP-014-2 R1 Guideline (NATF).pdfCIP-014-2 R1 Guideline (NATF)5/4/2017CIP
External_Routable_Connectivity_LL.pdfExternal Routable Connectivity Lessons Learned10/28/2016CIP
FAC-008-3 Standard Application Guide.pdfFAC-008-3 Standard Application Guide10/10/2017FAC
Mixed_Trust_EACMS_Authentication_LL.pdfMixed Trust EACMS Authentication Lessons Learned 10/28/2016CIP
MOD-033-1 Methodology Reference Document.pdfMOD-033-1 Methodology Reference Document 8/7/2017MOD
System_Operating_Limit_definition_and_Exceedance_Clarification_endorsed.pdfSystem Operating Limit Definition and Exceedance Clarification3/24/2017TOP
TPL-001-4_Standard_Application_Guide_endorsed.pdfTPL-001-4 Standard Application Guide3/24/2017TPL
TPL-007-1_Transformer_Thermal_Impact_Assessment_White_Paper.pdfTPL-007-1 Transformer Thermal Impact Assessment White Paper10/28/2016TPL
Vendor_Access_Management_LL.pdfVendor Access Management Lessons Learned 10/28/2016CIP
CIP-004-6 R3 - NGOP Employee Access to TO Sites.pdfCIP-004-6 R3 - NGOP Employee Access to TO Sites10/10/2017CIP
CIP-002-5.1a R1 Shared Ownership of BES Facilities (CIPC).pdfCIP-002-5.1a R1 Shared Ownership of BES Facilities (CIPC)2/9/2018CIP
CIP-014-2 R4 Evaluating Potential Physical Security Attack.pdfCIP-014-2 R4 Evaluating Potential Physical Security Attack2/8/2018CIP
CIP-010-3 R1.6 Software Integrity and Authenticity.pdfCIP-010-3 R1.6 Software Integrity and Authenticity2/8/2018CIP
TOP-001-3 R13 and IRO-008-2 R4 Real Time Assessments (OC).pdfTOP-001-3 R13 and IRO-008-2 R4 Real Time Assessments (OC)5/21/2018TOP
PRC-023-4 R1 Determination of Practical Transmission Relaying Loadability Settings (PC).pdfPRC-023-4 R1 Determination of Practical Transmission Relaying Loadability Settings (PC)5/21/2018PRC
PRC-005-6 Standard Application Guide v2.2a (002).pdfPRC-005-6 Standard Application Guide v2.2a 5/21/2018PRC
PRC-024-2 R2 Generator Frequency and Voltage Protective Relay Settings .._.pdfPRC-024-2 R2 Generator Frequency and Voltage Protective Relay Settings1/3/2019PRC
CIP-013-1 R1 R2  Supply Chain Management (NATF).pdfCIP-013-1 R1 R2  Supply Chain Management (NATF)6/14/2019CIP
FAC-003-3_Standard_Application_Guide.pdfFAC-003-3 Standard Application Guide10/28/2016FAC
CMEP_Practice_Guide_Phased_Implementation_Completion_Percentages.pdfCMEP Practice Guide Phased Implementation Completion Percentages3/24/2017
CMEP_Practice_Guide_Deference_for_Implementation_Guidance.pdfERO Enterprise CMEP Practice Guide: Deference for Implementation Guidance5/20/2016
CMEP Practice Guide TOP-001-4 and IRO-002-5 Redundant and Diversely Routed.pdfCMEP Practice Guide TOP-001-4 and IRO-002-5 Redundant and Diversely Routed7/11/2018TOP
CMEP Practice Guide Information to be Considered by CMEP Staff Regarding Inverter-Based Resources_V1.1.pdfCMEP Practice Guide Information to be Considered by CMEP Staff Regarding Inverter-Based Resources_V1.13/15/2019
ERO Enterprise CMEP Practice Guide - Calendar Month - Annual FINAL.pdfCMEP Practice Guide Calendar Month Annual4/19/2019
ERO Enterprise CMEP Practice Guide _ BCSI - v0.2 CLEAN.pdfERO Enterprise CMEP Practice Guide BES Cyber System Information 4/26/2019CIP
CIP-012-1 R1  Communications Between Control Centers (2016-02 SDT).pdfCIP-012-1 R1  Communications Between Control Centers (2016-02 SDT)6/13/2019CIP
TOP-010-1(i) and IRO-018-1(i) RTA Quality (OC).pdfTOP-010-1(i) and IRO-018-1(i) RTA Quality (OC)6/20/2019TOP
Implementation Guidance Under Consideration or Development Tracking 06_27_2018.pdfImplementation Guidance Under Consideration or Development Tracking6/28/2018
Non-Endorsed Implementation Guidance Tracking 06_24_19.pdfNon-Endorsed Implementation Guidance Tracking6/24/2019
Retired Implementation Guidance.pdfRetired Implementation Guidance05/08/2017