A common challenge for many electric utilities and power generators developing their NERC CIP-015-1 Internal Network Security Monitoring (INSM) program is classifying the INSM system itself. Under CIP-015-1, an INSM system isn’t pre-classified as a single asset type, such as a Protected Cyber Asset (PCA), an Electronic Access Control or Monitoring System (EACMS), or BES Cyber System Information (BCSI). Instead, the responsible entity must evaluate the INSM system against its NERC CIP program (CIP-002 and CIP-011 processes) to determine the appropriate classification based on location, function, and the data it processes.
Classifying the INSM system can significantly affect the effort required to remain compliant. A well-designed INSM program should include a clear explanation of how and why an entity categorized the system. This article offers background, justification, and recommendations, but ultimately, each entity must determine its own classification.