無料レポート プレゼントキャンペーン 実施中 : メールサービスに新規登録いただいた方にご用意した無料レポートをご提供

株式会社グローバルインフォメーション
TEL: 044-952-0102
表紙
市場調査レポート

重要インフラ組織のための「NERC-CIP」標準

Understanding the NERC-CIP Regulations for Critical Infrastructure Organizations, 2018

発行 Frost & Sullivan 商品コード 723031
出版日 ページ情報 英文 90 Pages
納期: 即日から翌営業日
価格
本日の銀行送金レート: 1USD=114.65円で換算しております。
Back to Top
重要インフラ組織のための「NERC-CIP」標準 Understanding the NERC-CIP Regulations for Critical Infrastructure Organizations, 2018
出版日: 2018年10月03日 ページ情報: 英文 90 Pages
概要

当レポートでは、重要国家インフラ組織のサイバーセキュリティ対策としての「NERC-CIP」標準を調査し、NERC-CIP要件の進化と標準規格の改定の経緯、標準規格の詳細、ベンダー環境、成功戦略・成長要件の分析、将来の展望、アナリストの見解などをまとめています。

エグゼクティブサマリー

  • 主要調査結果

定義

NERC-CIP要件の進化

  • 新たなサイバー脅威:重要インフラサイト
  • すでにターゲットとされている重要インフラサイト
  • 法規制環境の標準化
  • 技術の変化に合わせた標準規格の改定

推進因子と障壁

規制の詳細

  • イントロダクション:NERC-CIP規制
  • CIP-002:BESシステムの分類
  • CIP-003:セキュリティマネジメントコントロール
  • CIP-004.1:人材&トレーニング
  • CIP-004.2:人材&トレーニング
  • CIP-004.3:人材&トレーニング
  • CIP-004, 4.1-4.2:人材&トレーニング
  • CIP-004, 4.3-4.4:人材&トレーニング
  • CIP-004, 5.1-5.3:人材&トレーニング
  • CIP-004, 5.4-5.5:人材&トレーニング
  • CIP-005, 1.1-1.5:電子的セキュリティ境界
  • CIP-005, 2.1-2.3:電子的セキュリティ境界
  • CIP-006, 1.1-1.3:BESサイバーシステムの物理的セキュリティ
  • CIP-006, 1.4-1.7:BESサイバーシステムの物理的セキュリティ
  • CIP-006, 1.8-1.10:BESサイバーシステムの物理的セキュリティ
  • CIP-006, 2.1-2.3:BESサイバーシステムの物理的セキュリティ
  • CIP-006, 3.1:BESサイバーシステムの物理的セキュリティ
  • CIP-007, 1.1-1.2:サイバーセキュリティシステムマネジメント
  • CIP-007, 2.1-2.2:サイバーセキュリティシステムマネジメント
  • CIP-007, 2.3-2.4:サイバーセキュリティシステムマネジメント
  • CIP-007, 3.1-3.3:サイバーセキュリティシステムマネジメント
  • CIP-007, 4.1-4.4:サイバーセキュリティシステムマネジメント
  • CIP-007, 5.1-5.4:サイバーセキュリティシステムマネジメント
  • CIP-007, 5.5-5.7:サイバーセキュリティシステムマネジメント
  • CIP-008, 1.1-1.4:サイバーセキュリティインシデントレポーティング&レスポンスプランニング
  • CIP-008, 2.1-2.3:サイバーセキュリティインシデントレポーティング&レスポンスプランニング
  • CIP-008, 3.1-3.2:サイバーセキュリティインシデントレポーティング&レスポンスプランニング
  • CIP-009, 1.1-1.5:BESサイバーシステムの復旧プラン
  • CIP-009, 2.1-2.3:BESサイバーシステムの復旧プラン
  • CIP-009, 3.1-3.2:BESサイバーシステムの復旧プラン
  • CIP-010, 1.1-1.2:設定変更管理・脆弱性評価
  • CIP-010, 1.3-1.5:設定変更管理・脆弱性評価
  • CIP-010, 2.1:設定変更管理・脆弱性評価
  • CIP-010, 3.1-3.2:設定変更管理・脆弱性評価
  • CIP-010, 3.3-3.4:設定変更管理・脆弱性評価
  • CIP-010, 4.1:設定変更管理・脆弱性評価
  • CIP-011, 1.1-1.2:サイバーセキュリティ情報保護
  • CIP-011, 2.1-2.2:サイバーセキュリティ情報保護
  • CIP-014, 1.1-1.2:物理的セキュリティ
  • CIP-014, 2.1-2.4:物理的セキュリティ
  • CIP-014, 3.1:物理的セキュリティ
  • CIP-014, 5.1-5.4:物理的セキュリティ
  • CIP-014, 6.1-6.4:物理的セキュリティ

主要ベンダー

  • ベンダー環境
  • ソリューションプロバイダー・コンサルタント

成長機会

  • 成長機会:コンサルタンシーサービス
  • 成長機会:業界専用サイバーソリューション
  • 成長機会:持続的セキュリティコンバージェンス
  • 成長機会:フルコンプライアンスのためのパートナーネットワーク
  • 成功・成長のための戦略的必須要件

総論

付録

FROST & SULLIVANについて

目次
Product Code: 9AB0/5A

With Stricter Enforcement Protocols Set to go into Effect by 2019, Critical National Infrastructure Organizations are Rapidly Implementing Specific Security Measures to Achieve Full Compliance

The most significant threat is no longer threats to human lives or property from physical attacks-rather the threat lies in more covert warfare tactics, including cyber-attacks and attacks that can cripple, obstruct, or destroy operations within critical infrastructure facilities, such as utility companies, communications towers, ports, manufacturing facilities, or other critical services. In order to protect critical national infrastructure (CNI) entities from these more sophisticated attacks and ensure proper security postures, the North America Electric Reliability Corporation (NERC) has updated its Critical Infrastructure Protections (CIP) regulations to encourage CNI organizations to improve their security posture; protect their information and operational technology systems, networks, and physical assets; and plan for how to keep their networks and assets secure through a continually advancing technological environment. The NERC-CIP regulations provide specific guidance, requirements, and measures for CNI organizations to follow to protect their current assets, enforce proper security protocols and standards, plan for and respond to any security incidents accordingly, and ensure their assets remain protected from malicious actors.

Research Scope:

This research service includes all of the NERC-CIP regulations as written by the NERC Organization, as well as the listed measurements and evidence required for critical infrastructure. Each CIP includes the specified requirements for each compliance category as well as types of documentation, evidence, and plans to show requirements have been met. This service also includes analyst insight into the specific tasks to be performed for each requirement and a clear listing of evidence types for CNI organizations to provide in order to show compliance. This service further details some of the key vendors offering compliance technology solutions, consulting expertise in NERC-CIP regulations, or both types of services for customers. This listing, however, is not exhaustive of all vendors in the market. Key information includes:

  • NERC-CIP listings for requirements 002-011, and CIP-014
  • Listing of CIP measurements to show compliance
  • History of the NERC Organization and the evolution of the requirements
  • Key changes to the NERC-CIP regulatory enforcement and raised security profiles for CNI organizations
  • Summary of requirement listings and key takeaways for CNI organizations
  • Listing of key vendors and specialization

Key Issues Addressed:

  • What are the full regulatory requirements for NERC-CIP compliance?
  • What is the history behind the evolution of the NERC-CIP requirements?
  • What documentation, measurements, or evidence do critical infrastructure entities need to provide to show compliance?
  • Who are some of the key vendors who can help critical infrastructure customers reach full compliance?
  • What NERC-CIP requirements do these vendors' solutions help customers to achieve?

Table of Contents

1. UNDERSTANDING THE NERC-CIP REGULATIONS FOR CRITICAL INFRASTRUCTURE ORGANIZATIONS, 2018

Executive Summary

  • Key Findings

Definitions

  • Definitions

Evolution of NERC-CIP Requirements

  • The New Cyber Threat-Critical Infrastructure Sites
  • Critical Infrastructure Sites Already Targeted
  • Critical Infrastructure Sites Already Targeted (continued)
  • Standardizing the Regulatory Environment
  • Revised Standards to Meet Changing Technology Needs

Drivers and Restraints

  • Market Drivers
  • Drivers Explained
  • Market Restraints
  • Restraints Explained

Regulatory Breakdown

  • Introduction to NERC-CIP Regulations
  • CIP-002: Classification of BES Systems
  • CIP-002: Classification of BES Systems (continued)
  • CIP-003: Security Management Controls
  • CIP-003: Security Management Controls (continued)
  • CIP-003: Security Management Controls (continued)
  • CIP-004.1: Personnel and Training
  • CIP-004.2: Personnel and Training
  • CIP-004.3: Personnel and Training
  • CIP-004, 4.1-4.2: Personnel and Training
  • CIP-004, 4.3-4.4: Personnel and Training
  • CIP-004, 5.1-5.3: Personnel and Training
  • CIP-004, 5.4-5.5: Personnel and Training
  • CIP-005, 1.1-1.5: Electronic Security Perimeters
  • CIP-005, 2.1-2.3: Electronic Security Perimeters
  • CIP-006, 1.1-1.3: Physical Security of BES Cyber Systems
  • CIP-006, 1.4-1.7: Physical Security of BES Cyber Systems
  • CIP-006, 1.8-1.10: Physical Security of BES Cyber Systems
  • CIP-006, 2.1-2.3: Physical Security of BES Cyber Systems
  • CIP-006, 3.1: Physical Security of BES Cyber Systems
  • CIP-007, 1.1-1.2: Cybersecurity Systems Management
  • CIP-007, 2.1-2.2: Cybersecurity Systems Management
  • CIP-007, 2.3-2.4: Cybersecurity Systems Management
  • CIP-007, 3.1-3.3: Cybersecurity Systems Management
  • CIP-007, 4.1-4.4: Cybersecurity Systems Management
  • CIP-007, 5.1-5.4: Cybersecurity Systems Management
  • CIP-007, 5.5-5.7: Cybersecurity Systems Management
  • CIP-008, 1.1-1.4: Cybersecurity Incident Reporting and Response Planning
  • CIP-008, 2.1-2.3: Cybersecurity Incident Reporting and Response Planning
  • CIP-008, 3.1-3.2: Cybersecurity Incident Reporting and Response Planning
  • CIP-009, 1.1-1.5: Recovery Plans for BES Cyber Systems
  • CIP-009, 2.1-2.3: Recovery Plans for BES Cyber Systems
  • CIP-009, 3.1-3.2: Recovery Plans for BES Cyber Systems
  • CIP-010, 1.1-1.2: Configuration Change Management and Vulnerability Assessments
  • CIP-010, 1.3-1.5: Configuration Change Management and Vulnerability Assessments
  • CIP-010, 2.1: Configuration Change Management and Vulnerability Assessments
  • CIP-010, 3.1-3.2: Configuration Change Management and Vulnerability Assessments
  • CIP-010, 3.3-3.4: Configuration Change Management and Vulnerability Assessments
  • CIP-010, 4.1: Configuration Change Management and Vulnerability Assessments
  • CIP-011, 1.1-1.2: Cybersecurity Information Protection
  • CIP-011, 2.1-2.2: Cybersecurity Information Protection
  • CIP-014, 1.1-1.2: Physical Security
  • CIP-014, 2.1-2.4: Physical Security
  • CIP-014, 3.1: Physical Security
  • CIP-014, 5.1-5.4: Physical Security
  • CIP-014, 6.1-6.4: Physical Security

Key Vendors

  • Vendor Landscape per Regulation
  • Solution Providers or Consultancies

Growth Opportunities

  • Growth Opportunity 1-Consultancy Services
  • Growth Opportunity 2-Industrial-Specific Cyber Solutions
  • Growth Opportunity 3-Ongoing Security Convergence
  • Growth Opportunity 4-Partner Networks for Full Compliance
  • Strategic Imperatives for Success and Growth

The Last Word

  • The Last Word-3 Big Predictions
  • Legal Disclaimer

Appendix

  • List of Exhibits

The Frost & Sullivan Story

  • The Frost & Sullivan Story
  • Value Proposition-Future of Your Company & Career
  • Global Perspective
  • Industry Convergence
  • 360° Research Perspective
  • Implementation Excellence
  • Our Blue Ocean Strategy
Back to Top