NERC CIP (Critical Infrastructure Protection) standards are mandatory reliability standards for bulk electric system owners and operators, covering electronic security perimeters, physical security, systems security management, personnel and training, and incident reporting — with significant financial penalties for non-compliance assessed by NERC regional entities. Zero Trust architecture directly addresses the CIP access management requirements (CIP-004, CIP-005, CIP-007) by providing identity-verified, continuously monitored access to bulk electric system assets, replacing the static electronic security perimeter model with dynamic, policy-driven access control.
Related: Energy · Utilities · Zero Trust for OT · SCADA · EMS