CIP Credential Programs

Certified Credential Programs:

Designed for those with broad responsibilities across multiple areas of compliance oversight. This includes professionals within an organization’s compliance or regulatory oversight teams and technical subject matter experts with significant participation in audits and other oversight activities.

This credential signifies competence in all aspects of managing compliance with the NERC Critical Infrastructure Protection (CIP) standards, which establish federally mandated cybersecurity controls for organizations that own or operate electric power generation or transmission in North America. Upon completion of this credential, recipients will:

  • Demonstrate a thorough knowledge of the NERC CIP standards.
  • Identify the operational and technology contexts in which the NERC CIP standards are applied.
  • Apply regulatory and compliance oversight processes used to enforce the standards.
  • Be qualified to develop, implement, oversee, and manage all aspects of CIP compliance programs and related security efforts within the electric sector.

Target Staff Functions

Cybersecurity, Operational Technology, Networking and Communications, Regulatory Compliance, associated management.

Related Certifications and Experience

A broad range of prior certifications and experience may constitute prior learning for this credential, including CISSP, CISA, and CSM. Previous experience in information systems audit or regulatory compliance will map to this credential.

EnergySec is developing the C2T and C3P credentials related to our NERC CIP programs with funding provided by a DOL grant. The C2T and C3P credentials will be approved by an industry panel and articulated to Southern Utah University (SUU) for college credit. SUU is leading this effort and we expect credential approval early in 2022.

Designed for those with responsibilities for specific technical aspects of NERC CIP Compliance, including SMEs within transmission, generation, system operations, networking, telecommunications, information technology, physical security and cybersecurity.

This credential signifies competence in implementing technical aspects of the NERC Critical Infrastructure Protection (CIP) standards. This credential contains a subset of the C3P competencies and adds additional technical competencies. Upon completion of this credential, recipients will:

  • Demonstrate knowledge of the standards, including a deep understanding of the technicalrequirements and the operational and technology contexts in which they applied.
  • Have a general awareness of compliance oversight and enforcement processes.
  • Apply regulatory and compliance oversight processes used to enforce the standards.
  • Be qualified to implement, on a day-to-day basis, technical controls necessary to meet CIP requirements.

Target Staff Functions

Cybersecurity, Operational Technology, Networking and Communications, Regulatory Compliance, associated management.

Related Certifications and Experience

A broad range of prior certifications and experience may constitute prior learning for this credential, including CompTIA A+, Network+, Security+, GIAC certifications, CCNA, MCSE, etc. Previous experience in information systems or operational technology support will map to this credential.

EnergySec is developing the C2T and C3P credentials related to our NERC CIP programs with funding provided by a DOL grant. The C2T and C3P credentials will be approved by an industry panel and articulated to Southern Utah University (SUU) for college credit. SUU is leading this effort and we expect credential approval early in 2022.

Program Elements:

Credential Elements

Technical Foundations for CIP (Available On-Demand)

This course has been designed to establish a baseline of conceptual technical knowledge that is important to the understanding of and compliance with the NERC CIP standards. The target audience is industry professionals that do not have significant technical backgrounds. However, individual sections may be useful and relevant for technical professionals that need to fill knowledge gaps in domains outside their core expertise.

NERC CIP Deep Dive

This established course has been taught for more than seven years with over 2000 alumni. It has been continuously updated and is current with all approved and enforceable CIP requirements.

Online Self-Assessment Tests

We are developing online knowledge tests that students can use to gauge their level of learning and understanding of the course material. These will be available in early 2022.

Monthly CIP Chats Call

Our monthly CIP Chats are a 1-hour live discussion on recent developments or hot topics related to NERC CIP compliance. These will be led by EnergySec staff and instructors but will allow for discussion amongst all participants.

OJT Work Experience Guide

Work experience is a key component of developing mastery of CIP concepts and the body of knowledge. Program participants have access to a roadmap of specific tasks and experiences they should seek to participate in to fully develop their CIP competencies.

Competency Assessments for Credential Award

Program participants seeking to earn the associated credentials will have access to the required competency assessments. In some cases, proctored testing may be required which will entail an additional fee.

Courses in Development

Additional courses are being developed as part of our CIP credentials program. We currently plan to launch five new courses in beginning in early 2022. Each of these are currently in various stages of planning and development.

Operational Foundations for CIP

Target Course Length: 1 day

This course is intended to provide background information on industry operations to enable a better understanding of the context and relevance of CIP standards. The target audience is compliance professionals that lack background in some or all areas of utility operations.

Operational Foundations for CIP

Target Course Length: 1/2 day

This short course will prepare subject matter experts for participation in live interviews. It is a subset of the NERC CIP Audit Lab.

Supply Chain Security

Target Course Length: 1 day

This course will provide an understanding of supply chain security risks relevant in the electric sector and mitigation strategies. The CIP supply chain standards will be covered in detail as well as Presidential Executive Orders, NERC Supply Chain Risk Mitigation Program documents, and more.

Supplemental Elements for Credential

Access to Class Recordings

Since Spring of 2020, our CIP courses have been offered online. Online classes are recorded for later viewing by attendees.

On-Demand Course Access

In addition to the recorded classes, individual recordings of each class unit are being developed for on-demand viewing.

Additional On-Demand Video Library

In addition to recorded course presentations, additional videos that delve deeper into specific topics are being developed. These videos will build on the information presented in course materials providing more extensive and thorough discussion than can be accomplished in limited class time. More than 50 topics have been identified and the first videos will be released in late 2021

Self-Study Guide and Resource Library

The self-study guides for CIP courses provide a roadmap for further study and review of topics presented in class. All referenced documents are available directly from the class repository for convenience.

Email Access to CIP Instructor

Our CIP instructors are available via email to program participants. This allows a convenient resource to get quick answers to questions that arise between or after class sessions.

Monthly Zoom Open Q&A

Program participants have access to regular online Q&A sessions with our CIP instructors. These willbe held at least monthly, but possibly more frequently based on demand