Today’s LiveWire Spotlight looks at the findings and recommendations from Commission Staff who attended a series of CIP cyber security audits between October 1, 2020 through September 30, 2021.  The FERC team extracted fourteen new Lessons Learned from their data and observations related to inadequate CIP policies, plans, processes, and controls.

The Lessons Learned identified by FERC’s Staff are not a guarantee of compliance, but auditors tend to give special consideration to Responsible Entities who make a good faith attempt to adhere to the Commission’s recommendations.