2022 FERC Report on CIP Audits

During (FY) 2022, staff of the Federal Energy Regulatory Commission (FERC) completed non-public Critical Infrastructure Protection (CIP) Audits of several U.S.-based NERC registered entities. During the CIP Audits, staff found that while most of the cyber security protection processes and procedures adopted by the registered entities met the mandatory requirements of the CIP Standards, potential noncompliance and security risks remained.