NERC CIP Compliance
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards establish cybersecurity and physical security requirements to help ensure the reliable operation of North America’s Bulk Electric System (BES).
For organizations seeking managed monitoring, OT Watch and OT Watch Complete provide expert-driven threat hunting for OT environments.
Platform: The Dragos Platform passively monitors and identifies network-connected devices, with custom asset tagging capabilities (e.g., EACMS, PACS, BCS) and CMDB integration. Active collection via the Extended Visibility Agent enriches asset inventories without disrupting operations.
Services: Architecture Reviews and Cybersecurity Architecture Design Reviews (CADR) assess critical assets and network segmentation.
Platform: The Dragos Platform monitors remote access activity, baselines normal communications, and alerts on deviations. The Communications Hub surfaces context, including source, destination, and protocols, to support investigation and oversight of remote access.
Services: Standards & Regulations Reviews (via Cybersecurity Architecture Design Review) evaluate governance, policies, and OT security program maturity.
Platform: The Dragos Platform supports MFA, Active Directory integration, and centralized audit logging (CAL) for personnel access to Dragos SiteStores and Sensors.
Services: Dragos personnel delivering services to customers subject to NERC CIP, including OT Watch and OT Watch Complete, fulfill customer-required training and background checks in accordance with contracts and agreements.
Resources: To help satisfy requirements that individuals with access to critical assets are properly trained, Dragos supports NERC CIP customers with the following resources focused on OT cybersecurity for their personnel:
Platform: Dragos sensors can be deployed inside and outside the ESP for ingress and egress visibility. The platform provides capabilities to identify external communications not routed through an Electronic Access Point (EAP) and visually depicts remote access sessions.
Services: Sensor Placement Studies; Architecture Reviews; Tabletop Exercises; Rapid Response Retainer
Platform: The Dragos Platform detects malicious code using sensors where traditional antivirus cannot be deployed. It logs and alerts on malicious indicators, anomalous authentication behavior, and suspicious access attempts, with configurable log retention and SIEM/Syslog export. It also helps identify logical ports and services on cyber assets.
Platform: The Dragos Platform provides centralized incident management with alert triage, integrated response playbooks, case tracking, forensic artifact retention, and SIEM integrations to support consistent detection, documentation, and response.
Services: Rapid Response Retainer; Tabletop Exercises; Incident Response Plan (IRP) Workshops; OT Watch; OT Watch Complete
Platform: The Dragos Platform includes backup and restore capabilities for Dragos SiteStore and Sensors, with backup and restore events recorded in the Platform UI and audit logs to support recovery validation.
Services: Rapid Response Retainer; Tabletop Exercises; Incident Response Plan (IRP) Workshops
Platform: The Dragos Platform supports OT vulnerability management through passive monitoring and OT-safe active collection, with risk-based prioritization via the “Now, Next, Never” methodology. The Insights Hub consolidates vulnerability, asset, and threat data. Compliance dashboards support CIP-010 workflows.
Services: Network Vulnerability Assessments
Platform: The Dragos Platform provides passive visibility into communication paths and protocols between control centers. This helps identify sessions that may appear unencrypted or misaligned with documented security protections, in support of CIP-012 validation activities.
Resources: Dragos addresses CIP-013 supply chain risk through the Dragos NERC CIP-013 Addendum, which documents contractual and administrative commitments covering secure access controls, personnel authorization, vulnerability remediation timelines, and malicious code protections. Dragos also responds to vendor risk questionnaires upon request.
Platform: The Dragos Platform supports CIP-015 through continuous passive monitoring inside trusted zones, baselining, and four types of OT threat detection to identify anomalous east-west traffic. It retains monitoring data, including alerts and network metadata, and protects that data via RBAC, access controls, and MFA support. For more information, see the Dragos INSM Resources Page.
Services: Dragos can conduct a Sensor Placement Study to analyze and provide recommendations for proper Dragos sensor placement.