← All frameworks Energy & Critical Infrastructure

NERC CIP-004 & CIP-003 security awareness training.

Personnel training, phishing simulation, and security awareness evidence for Bulk Electric System entities — with zero testing footprint on OT/ICS assets.

$ cat nerc-cip.txt

What NERC CIP actually requires.

$ ls /nerc-cip/services

How this maps to what we do.

CIP-004-6, R2

Per-employee campaign results and completion records give your compliance team the documented personnel-training evidence R2 asks for, without any testing footprint on OT/ICS assets.

CIP-003

An append-only, tamper-resistant log of every campaign action supports the security-awareness-program documentation reviewers expect alongside your broader CIP-003 controls.

IT Audits & Testing

For the IT side of the house — corporate systems outside the Electronic Security Perimeter — we run the same audits and penetration tests we run for any client, scoped well clear of OT/ICS boundaries.

Building out your CIP-004 training program?

Tell us your entity's impact rating and audit cycle — we'll scope what fits.

Request an assessment