Compliance Guidance
A key factor in the success of compliance monitoring and enforcement of mandatory standards rests on a common understanding among industry and ERO Enterprise Compliance Monitoring and Enforcement Program (CMEP) staff of how compliance can be achieved and demonstrated. For many standards, this is straightforward. For others, a variety of approaches may achieve the same objective. 
In November 2015, the NERC Board of Trustees approved the Compliance Guidance Policy, located under Key Resources. Compliance Guidance under the Compliance Guidance Policy includes two types:
  • Implementation Guidance, which provides examples for implementing a standard; and
  • CMEP Practice Guides, which provide direction to ERO Enterprise CMEP staff on approaches to carry out compliance monitoring and enforcement activities.
Implementation Guidance is developed by industry and vetted through pre-qualified organizations. In order for an organization to become pre-qualified, a member of that organization must submit an application to the Compliance and Certification Committee. Vetted examples can then be submitted to the ERO Enterprise for endorsement, and, if endorsed, the ERO Enterprise would give the example deference during CMEP activities with consideration of facts and circumstances. Implementation Guidance would not prescribe the only approach to implementing a standard and entities may choose alternative approaches that better fit their situation.  Draft Implementation Guidance will be posted below while it is being considered for ERO Enterprise endorsement. Once the Implementation Guidance is endorsed, it will be moved to the ERO Enterprise-Endorsed Implementation Guidance section. Draft Implementation Guidance that does not receive ERO Enterprise endorsement will be removed.
CMEP Practice Guides are developed solely by the ERO Enterprise to reflect the independent, objective professional judgment of ERO Enterprise CMEP staff, and, at times, may be initiated following policy discussions with industry stakeholders. Following development, they are posted for transparency on the NERC website.
For additional information, please contact
CIP_Version_5_FAQ.pdfCIP Version 5 FAQ10/28/2016CIP
CIP-002-5.1_BES_Cyber_Assets_LL.pdfCIP-002-5.1 BES Cyber Assets Lessons Learned10/28/2016CIP
CIP-002-5.1_Communications_and_Networking_Cyber_Assets.pdfCIP-002-5.1 Communications and Networking Cyber Assets10/28/2016CIP
CIP-002-5.1_Far-end_Relay_LL.pdfCIP-002-5.1 Far-end Relay Lessons Learned10/28/2016CIP
CIP-002-5.1_Generation_Interconnection_LL.pdfCIP-002-5.1 Generation Interconnection Lessons Learned 10/28/2016CIP
CIP-002-5.1_Generation_Segmentation_LL.pdfCIP-002-5.1 Generation Segmentation Lessons Learned10/28/2016CIP
CIP-002-5.1_Grouping_of_BES_Cyber_Systems_LL.pdfCIP-002-5.1 Grouping of BES Cyber Systems Lessons Learned10/28/2016CIP
CIP-002-5.1_Standard_Application_Guide.pdfCIP-002-5.1 Standard Application Guide10/31/2016CIP
CIP-013-1-R1 Implementation Guidance.pdfCIP-013-1-R1-R2-R3 Implementation Guidance6/7/2017CIP
CIP-014-2 R1 Guideline (NATF).pdfCIP-014-2 R1 Guideline (NATF)5/4/2017CIP
External_Routable_Connectivity_LL.pdfExternal Routable Connectivity Lessons Learned10/28/2016CIP
FAC-008-3 Standard Application Guide.pdfFAC-008-3 Standard Application Guide10/10/2017FAC
Mixed_Trust_EACMS_Authentication_LL.pdfMixed Trust EACMS Authentication Lessons Learned 10/28/2016CIP
MOD-033-1 Methodology Reference Document.pdfMOD-033-1 Methodology Reference Document 8/7/2017MOD
System_Operating_Limit_definition_and_Exceedance_Clarification_endorsed.pdfSystem Operating Limit Definition and Exceedance Clarification3/24/2017TOP
TPL-001-4_Standard_Application_Guide_endorsed.pdfTPL-001-4 Standard Application Guide3/24/2017TPL
TPL-007-1_Transformer_Thermal_Impact_Assessment_White_Paper.pdfTPL-007-1 Transformer Thermal Impact Assessment White Paper10/28/2016TPL
Vendor_Access_Management_LL.pdfVendor Access Management Lessons Learned 10/28/2016CIP
CIP-004-6 R3 - NGOP Employee Access to TO Sites.pdfCIP-004-6 R3 - NGOP Employee Access to TO Sites10/10/2017CIP
CIP-002-5.1a R1 Shared Ownership of BES Facilities (CIPC).pdfCIP-002-5.1a R1 Shared Ownership of BES Facilities (CIPC)2/9/2018CIP
CIP-014-2 R4 Evaluating Potential Physical Security Attack.pdfCIP-014-2 R4 Evaluating Potential Physical Security Attack2/8/2018CIP
CIP-010-3 R1.6 Software Integrity and Authenticity.pdfCIP-010-3 R1.6 Software Integrity and Authenticity2/8/2018CIP
TOP-001-3 R13 and IRO-008-2 R4 Real Time Assessments (OC).pdfTOP-001-3 R13 and IRO-008-2 R4 Real Time Assessments (OC)5/21/2018TOP
PRC-023-4 R1 Determination of Practical Transmission Relaying Loadability Settings (PC).pdfPRC-023-4 R1 Determination of Practical Transmission Relaying Loadability Settings (PC)5/21/2018PRC
PRC-005-6 Standard Application Guide v2.2a (002).pdfPRC-005-6 Standard Application Guide v2.2a 5/21/2018PRC
CIP-013-1 R2 Supply Chain Risk Management (NATF).pdfCIP-013-1 R2 Supply Chain Risk Management (NATF)11/13/2018CIP
FAC-003-3_Standard_Application_Guide.pdfFAC-003-3 Standard Application Guide10/28/2016FAC
CMEP_Practice_Guide_Phased_Implementation_Completion_Percentages.pdfCMEP Practice Guide Phased Implementation Completion Percentages3/24/2017
CMEP_Practice_Guide_Deference_for_Implementation_Guidance.pdfERO Enterprise CMEP Practice Guide: Deference for Implementation Guidance5/20/2016
CMEP Practice Guide TOP-001-4 and IRO-002-5 Redundant and Diversely Routed.pdfCMEP Practice Guide TOP-001-4 and IRO-002-5 Redundant and Diversely Routed7/11/2018TOP
NATF CIP-013-1 Implementation Guidance.pdfNATF CIP-013-1 Implementation Guidance7/11/2018CIP
CIP-010-2 R1 R2  Configuration Change Management and Vulnerability Assessment (MROSC).pdfCIP-010-2 R1 R2  Configuration Change Management and Vulnerability Assessment (MROSC)11/14/2018CIP
Implementation Guidance Under Consideration or Development Tracking 06_27_2018.pdfImplementation Guidance Under Consideration or Development Tracking6/28/2018
Non-Endorsed Implementation Guidance Tracking 05_21_18.pdfNon-Endorsed Implementation Guidance Tracking 5/21/2018
Retired Implementation Guidance.pdfRetired Implementation Guidance05/08/2017