Today’s LiveWire Spotlight looks at the fourth drafts of the CIP standards which will enable the use of virtualization services without affecting legacy perimeter-based architectures.  The primary changes have been made to the CIP definitions designed to precisely bound the virtualized devices and services that are the target of the new cyber security requirements.  This approach requires a few additional updates only to the three standards that are central to the unique cloud-based security control strategies – each are already just five to ten points short of stakeholder approval.

The fourth drafts of the CIP virtualization standards and their supporting materials have been posted on the NERC web site for a 45-day review period.  Comments and ballots must be returned to the Standards Drafting Team by September 30, 2022.