Related Files
Status
A 30-day informal comment period for the Project 2025-02 Internal Network Security Monitoring Standard Revision Standard Authorization Request (SAR) is open through 8 p.m. Eastern, Friday, August 15, 2025.
Additionally, nominations are being sought for drafting team members through 8 p.m. Eastern, Thursday, July 31, 2025.
Background
On June 26, 2025, the Federal Energy Regulatory Commission (FERC) approved proposed Reliability Standard CIP-015-1 and issued Order No. 9071 directing NERC to develop certain modifications to Reliability Standard CIP-015-1 to extend Internal Network Security Monitoring (INSM) to include Electronic Access Control or Monitoring Systems (EACMS) and Physical Access Control Systems (PACS) outside of the Electronic Security Perimeter (ESP). FERC Order No. 907 also provides clarity around the term CIP-networked environment as it is used in Reliability Standard CIP-015-1. FERC directed NERC to submit these revisions for approval within 12 months of the effective date of the final rule, September 1, 2026.
Although proposed Reliability Standard CIP-015-1 was approved, FERC determined that a reliability and security gap remained because CIP-015-1 does not require implementation of INSM for the entire CIP-networked environment and directs NERC to develop and file within 12 months of the effective date of the final rule modifications to Reliability Standard CIP-015-1 to extend INSM implementation to EACMS and PACS outside of the ESP.
1Critical Infrastructure
Protection Reliability Standard CIP-015-1 – Cyber Security -- Internal Network Security Monitoring, Order
No. 907, 191 FERC ¶ 61,224 (June 26, 2025).
Standards Affected: CIP-015-1, CIP-002, CIP-003, CIP-004, CIP-005, CIP-006, CIP-007, CIP-008, CIP-009, CIP-010, CIP-011, CIP-012, CIP-013 and CIP-014. Additional standard revisions may be determined by the drafting team.
Purpose/Industry Need
A reliability and security gap remains because CIP-015-1 does not require implementation of INSM for the entire CIP-networked environment. While the CIP Reliability Standards require monitoring of the ESP and associated systems for high and medium impact Bulk Electric System (BES) Cyber Systems, the CIP-networked environment remains vulnerable to attacks that bypass network perimeter-based security controls traditionally used to identify the early phases of an attack. This presents a gap in the currently effective CIP Reliability Standards. To address this gap, CIP Reliability Standards should be created or modified to include EACMS and PACS outside of the ESP. These provisions will increase the probability of early detection and allow for quicker mitigation and recovery from an attack.
Subscribe to this project's observer mailing list
Select "NERC Email Distribution Lists" from the "Service" drop-down menu and specify “Project 2025-02 Internal Network Security Monitoring Standard Revision” in the Description Box.
