NERC-CIP's Most Wanted: The Three Top Most Violated NERC-CIP Standards

For three years, electric utilities across North America have been engaged in NERC Critical Infrastructure Protection (CIP) compliance, which includes Sabotage Reporting, Critical Cyber Asset Identification, Security Management Controls, Personnel Training, Physical Security of Critical Cyber Assets, among four other standards. For each of those three years, a minimum of three NERC CIP standards have made appearances on NERC’s Top 10 All Time Violated Standards1 list, including at least two of them as recurrent violators.