Canonical FrameworkCompliance & Audit

NERC CIP

NERC CIP control-mapping starter for bulk electric system entities operating cyber assets in OT environments. It references access, configuration, incident, recovery, vulnerability, and supply-chain topics, with configurable gateway controls or evidence fields where applicable.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

US

References

3 references

Mapped Control Domains

7 mapped domains

Deployment

Fully Air-gapped, Sovereign Region

Referenced Frameworks, Standards & Obligations

NERC CIP Reliability Standards (CIP-002 through CIP-013)NERC CIP-013-2 (Supply Chain Risk Management)FERC Order No. 887

Mapped Control Domains

Access Control
Physical Security
Incident Response
Configuration Management
Vulnerability Management
Supply Chain Security
Recovery Planning

Deployment profiles

Fully Air-gapped
Sovereign Region

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.