Start Free Trial
Home/Regulations/NERC CIP Standards — Regulatory Reference
Regulatory Reference
Energy Industry Standard critical

NERC CIP Standards — Regulatory Reference

Cybersecurity for bulk electric critical infrastructure — AI agents accessing OT data require critical sensitivity floor and strict access controls.

Key Provisions
  • CIP-002 — BES Cyber System categorization
  • CIP-004 — personnel and training (access management)
  • CIP-005 — electronic security perimeters
  • CIP-007 — system security management
  • CIP-011 — information protection
How AutoPIL Enforces It
  • BES Cyber System data classified at CRITICAL sensitivity
  • Strict need-to-know enforcement at retrieval — only authorized AI agents touch OT data
  • Audit chain supports CIP-007 logging and CIP-008 incident response evidence
Policy EngineAudit LogSensitivity LabelsAgent RegistryKey ScopingAlert Rules
AutoPIL Policy IDs
ENG-NERC-CIP004-001OT Personnel Access Management for AI
ENG-NERC-CIP011-001BES Information Protection at Retrieval
Official Sources
https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.

Start Free Trial View All Industries