New Compliance Guide: NERC CIP standards for BES Cyber System Information on Amazon Web Services

by Ranjan Banerji and Kristine Martz | on

Amazon Web Services (Amazon Web Services) is pleased to release a new Compliance Guide to help support customers who are subject to the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards for BES Cyber System Information (BCSI). Download the guide here . The Compliance Guide helps utility companies understand options for designing and deploying Amazon Web Services Cloud solutions and architectures to protect their BCSI.

In December 2021, the Federal Energy Regulatory Commission (FERC) approved the revised CIP-004-7 and CIP-011-3 standards. The approved revisions modified the CIP requirements for protecting BCSI to provide a path to modern third-party data storage and analysis systems, including cloud technology. These changes allow entities to store, transmit, and use BCSI in the cloud when security and compliance controls are in place and can be demonstrated during a compliance-monitoring and enforcement process.

The Compliance Guide describes key concepts for customers who are considering BCSI workloads on Amazon Web Services:

  • electronic technical methods to protect and securely handle BCSI, including logical isolation and encryption
  • administrative methods to protect electronic BCSI, including independent certifications and customer and service-level agreements
  • methods for authorizing, verifying, and removing provisioned access to BCSI
  • Amazon Web Services automation mechanisms to support governance and compliance at scale, and
  • Amazon Web Services resources, including an Amazon Web Services NERC CIP BCSI Reference Architecture , Operational Best Practices for NERC CIP BCSI Conformance Pack , and two example BCSI use cases.

For more information about how Amazon Web Services supports customer compliance needs, please contact us : https://aws.amazon.com/contact-us/ .

Learn more about how Amazon Web Services is empowering the power and utility industry .

Ranjan Banerji

Ranjan Banerji

Ranjan Banerji is a Principal Partner Solutions Architect at Amazon Web Services focused on the power and utilities vertical. Ranjan has been at Amazon Web Services for seven years, first on the Department of Defense (DoD) team helping the branches of the DoD migrate and/or build new systems on Amazon Web Services ensuring security and compliance requirements and now supporting the power and utilities team. Ranjan's expertise ranges from serverless architecture to security and compliance for regulated industries. Ranjan has over 25 years of experience building and designing systems for the DoD, federal agencies, energy, and financial industry.

Kristine Martz

Kristine Martz

Kristine Martz is a member of the Amazon Web Services security assurance team working as a power and utilities sector specialist. She is a 12-year veteran of the power and utility industry. Kristine helps utility customers adopt cloud solutions for regulated workloads in a secure and compliant way.

The mentioned AWS GenAI Services service names relating to generative AI are only available or previewed in the Global Regions. Amazon Web Services China promotes AWS GenAI Services relating to generative AI solely for China-to-global business purposes and/or advanced technology introduction.