Aggregator

You must login to view this content

You must login to view this content

Explore key cybersecurity requirements and implementation deadlines for electric power utilities included in the NERC CIP-003-9 standard for Low-Impact BES (Bulk Electric System) Cyber Systems, and how Tenable can help deliver the comprehensive visibility required to ensure compliance.

1. NERC CIP-003-9 introduces specific requirements for electric power utilities and related sectors with low-impact BES cyber systems.
2. Many municipally owned utilities, public power authorities and state or locally operated transmission entities fall within the scope of Low Impact BES Cyber Systems and will be impacted by these revisions.
3. With the first major implementation deadline on April 1, 2026, and others in 2028 and 2030, entities must begin planning and implementation now to avoid audit friction.
4. Tenable OT Security addresses core NERC CIP requirements through continuous asset discovery, anomaly detection with real-time alerts, data retention, and access control.

Electric power utilities in North America are under pressure to comply with the latest security provisions from the North American Electric Reliability Corporation (NERC). The newest set of provisions will be implemented over the next four years, starting in April of this year.

Specifically, the NERC Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-9 becomes officially enforceable on April 1, 2026. As part of the Supply Chain Low-Impact Revisions, this standard introduces specific requirements for electric power utilities and related sectors with low-impact BES (Bulk Electric System) cyber systems. This update is particularly significant for municipally owned utilities and cooperatives that may have previously operated under lighter oversight but are now pulled into higher compliance tiers due to recent updates like CIP-002-7.

At a high level, the BES includes the electrical generation resources, transmission lines, and interconnections generally operated at voltages of 100 kV or higher. Historically, “low-impact" assets were subject to lighter oversight, but the evolving threat landscape—specifically targeting the supply chain—has necessitated a more rigorous approach.

CIP-003 requires organizations to specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the BES. 

The transition to full compliance isn't a one-time event; it's a tiered rollout. Understanding these milestones is critical for budget and resource planning:

Meeting NERC CIP requirements can be a manual, spreadsheet-heavy nightmare—especially for local government entities that lack the massive compliance departments found in larger investor-owned utilities. Tenable OT Security acts as a force multiplier, allowing small IT teams to automate asset discovery and evidence collection without exhausting limited public sector budgets. Tenable OT Security is designed to help organizations meet these technical and operational demands with confidence, turning a compliance burden into a strategic advantage.

We address the core pillars of the standard through:

• Asset discovery: Identify every device in your environment—including those deep in the "low-impact" layers—to ensure nothing is left unmanaged.
• Anomaly detection: Real-time monitoring to catch unauthorized configuration changes or suspicious network behavior that could signal a supply chain breach.
• Data retention and reporting: Automatically generate the reports needed for audits, reducing the "compliance fire drill" that usually occurs when regulators knock.
• Access control and exposure management: Prioritize the risks that actually matter in terms of uptime and cyber resilience, ensuring you are both compliant and secure.

Tenable OT Security supports compliance with CIP-003 through real-time alerts designed to help security teams enforce security management policies.
 

An example of how a user can leverage the Compliance Dashboard in Tenable OT Security with multiple security frameworks selected to evaluate, monitor, and report on compliance with relevant regulatory compliance frameworks and industry standards. 

Tenable OT Security alerts in real-time on any unauthorized access activities to the OT environment as well as enabling the enforcement of security management policies. In addition, it fully audits all OT activities, including controller engineering activities like logic updates, configuration changes and firmware uploads/downloads. Tenable OT Security tracks the source of the activity, the exact commands used, the devices impacted and the specific impact to these devices, as well as the date and time of each activity. This comprehensive audit trail enables grid owners and operators to establish responsibility and accountability. It also helps in the prevention of malicious or erroneous activities that could lead to misoperation or instability of the plant.

While NERC CIP focuses specifically on the grid, modern utilities don’t operate in a vacuum. The convergence of IT and OT means your cyber exposure is interconnected. 

For state and local government entities that operate power generation, transmission or distribution infrastructure, cyber risk doesn’t exist solely within the grid environment. IT systems supporting billing, emergency communications, identity access management and cloud based service delivery are increasingly interconnected with OT environments. For a local government, a cyber incident in the grid doesn't just impact power; it can ripple through essential public services. Tenable One provides a unified view, helping SLG leaders bridge the gap between small IT teams and complex OT systems.

The Tenable One exposure management platform provides a unified view of your entire attack surface. By combining OT-specific insights with IT, cloud, and identity data in a single view, Tenable One allows you to see beyond basic compliance—enabling you to prioritize risk across your entire infrastructure and communicate your security posture from the control room to C-suite.

• Download the guide to compliance with NERC CIP standards
• Register for our April 15th webinar, “NERC CIP-003-9: Addressing the April 1st Enforcement.”
• Request a personalized demo to see the power of Tenable One in action.
• Get in touch to discuss your unique IT/OT security compliance challenges.
• Explore our NERC CIP resources to learn more about securing your critical infrastructure.

Explore key cybersecurity requirements and implementation deadlines for electric power utilities included in the NERC CIP-003-9 standard for Low-Impact BES (Bulk Electric System) Cyber Systems, and how Tenable can help deliver the comprehensive visibility required to ensure compliance.

1. NERC CIP-003-9 introduces specific requirements for electric power utilities and related sectors with low-impact BES cyber systems.
2. Many municipally owned utilities, public power authorities and state or locally operated transmission entities fall within the scope of Low Impact BES Cyber Systems and will be impacted by these revisions.
3. With the first major implementation deadline on April 1, 2026, and others in 2028 and 2030, entities must begin planning and implementation now to avoid audit friction.
4. Tenable OT Security addresses core NERC CIP requirements through continuous asset discovery, anomaly detection with real-time alerts, data retention, and access control.

Electric power utilities in North America are under pressure to comply with the latest security provisions from the North American Electric Reliability Corporation (NERC). The newest set of provisions will be implemented over the next four years, starting in April of this year.

Specifically, the NERC Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-9 becomes officially enforceable on April 1, 2026. As part of the Supply Chain Low-Impact Revisions, this standard introduces specific requirements for electric power utilities and related sectors with low-impact BES (Bulk Electric System) cyber systems. This update is particularly significant for municipally owned utilities and cooperatives that may have previously operated under lighter oversight but are now pulled into higher compliance tiers due to recent updates like CIP-002-7.

At a high level, the BES includes the electrical generation resources, transmission lines, and interconnections generally operated at voltages of 100 kV or higher. Historically, “low-impact" assets were subject to lighter oversight, but the evolving threat landscape—specifically targeting the supply chain—has necessitated a more rigorous approach.

CIP-003 requires organizations to specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the BES. 

The transition to full compliance isn't a one-time event; it's a tiered rollout. Understanding these milestones is critical for budget and resource planning:

Meeting NERC CIP requirements can be a manual, spreadsheet-heavy nightmare—especially for local government entities that lack the massive compliance departments found in larger investor-owned utilities. Tenable OT Security acts as a force multiplier, allowing small IT teams to automate asset discovery and evidence collection without exhausting limited public sector budgets. Tenable OT Security is designed to help organizations meet these technical and operational demands with confidence, turning a compliance burden into a strategic advantage.

We address the core pillars of the standard through:

• Asset discovery: Identify every device in your environment—including those deep in the "low-impact" layers—to ensure nothing is left unmanaged.
• Anomaly detection: Real-time monitoring to catch unauthorized configuration changes or suspicious network behavior that could signal a supply chain breach.
• Data retention and reporting: Automatically generate the reports needed for audits, reducing the "compliance fire drill" that usually occurs when regulators knock.
• Access control and exposure management: Prioritize the risks that actually matter in terms of uptime and cyber resilience, ensuring you are both compliant and secure.

Tenable OT Security supports compliance with CIP-003 through real-time alerts designed to help security teams enforce security management policies.
 

An example of how a user can leverage the Compliance Dashboard in Tenable OT Security with multiple security frameworks selected to evaluate, monitor, and report on compliance with relevant regulatory compliance frameworks and industry standards. 

Tenable OT Security alerts in real-time on any unauthorized access activities to the OT environment as well as enabling the enforcement of security management policies. In addition, it fully audits all OT activities, including controller engineering activities like logic updates, configuration changes and firmware uploads/downloads. Tenable OT Security tracks the source of the activity, the exact commands used, the devices impacted and the specific impact to these devices, as well as the date and time of each activity. This comprehensive audit trail enables grid owners and operators to establish responsibility and accountability. It also helps in the prevention of malicious or erroneous activities that could lead to misoperation or instability of the plant.

While NERC CIP focuses specifically on the grid, modern utilities don’t operate in a vacuum. The convergence of IT and OT means your cyber exposure is interconnected. 

For state and local government entities that operate power generation, transmission or distribution infrastructure, cyber risk doesn’t exist solely within the grid environment. IT systems supporting billing, emergency communications, identity access management and cloud based service delivery are increasingly interconnected with OT environments. For a local government, a cyber incident in the grid doesn't just impact power; it can ripple through essential public services. Tenable One provides a unified view, helping SLG leaders bridge the gap between small IT teams and complex OT systems.

The Tenable One exposure management platform provides a unified view of your entire attack surface. By combining OT-specific insights with IT, cloud, and identity data in a single view, Tenable One allows you to see beyond basic compliance—enabling you to prioritize risk across your entire infrastructure and communicate your security posture from the control room to C-suite.

• Download the guide to compliance with NERC CIP standards
• Register for our April 15th webinar, “NERC CIP-003-9: Addressing the April 1st Enforcement.”
• Request a personalized demo to see the power of Tenable One in action.
• Get in touch to discuss your unique IT/OT security compliance challenges.
• Explore our NERC CIP resources to learn more about securing your critical infrastructure.

The post How to prepare for NERC CIP compliance deadlines in 2026 and beyond appeared first on Security Boulevard.

Secure Code Warrior has announced SCW Trust Agent: AI, a governance solution designed to make AI influence in software development visible, attributable, and enforceable at the point of commit, enabling enterprises to scale AI coding tools with measurable control over software risk. Organizations can trace which AI models influenced specific commits, correlate that influence with vulnerability exposure, and take corrective action before insecure code reaches production. According to Sonar’s 2026 State of Code Developer Survey, … More →

The post SCW Trust Agent: AI tracks AI influence in code to reduce software risk appeared first on Help Net Security.

A path traversal vulnerability has been identified in the Kubernetes Container Storage Interface (CSI) Driver for NFS, potentially allowing attackers to delete or modify unintended directories on NFS servers. The flaw stems from insufficient validation of the subDir parameter in volume identifiers, exposing clusters that permit users to create PersistentVolumes referencing the NFS CSI driver. […]

The post Kubernetes CSI Driver for NFS Vulnerability Lets Attackers Delete or Modify NFS Server Directories appeared first on Cyber Security News.

You must login to view this content

In a previous blog, we presented NIST's benchmark definition of integrity monitoring.

The conclusion was clear: Many vendor claims of file integrity monitoring (FIM) capabilities do not match this definition.

Change detection across system components, including files, is crucial and implemented in many tools, including EDR/XDR. However, while these systems often claim FIM capabilities, file change detection alone falls short of true FIM.

The post FIM Test: A Method for Distinguishing True FIM Capabilities in a Crowd of Claims appeared first on Security Boulevard.

Xona Systems has introduced Active Defense, a new capability that enables organizations to stop threats during live remote access sessions in operational technology (OT) environments automatically, without waiting for manual intervention. In many environments, the gap between detecting suspicious activity and stopping an active session can stretch from minutes to hours, leaving adversaries connected to operational systems while a response is coordinated. Active Defense closes that window. Remote connectivity is now essential for operating and … More →

The post Xona Systems brings real-time threat response to OT remote access sessions appeared first on Help Net Security.

XM Cyber has enhanced its Continuous Exposure Management Platform to help organizations adopt AI without exposing themselves to new and emerging threats. The release introduces three major capabilities that enable organizations to embrace AI-driven innovation at full speed, without giving attackers a roadmap to their most critical assets. “Rapid AI adoption has created a dilemma for security leaders: innovate at speed, or maintain the controls needed to stay secure. Our new functionality eliminates this friction … More →

The post XM Cyber advances AI security with enhanced exposure and attack path visibility appeared first on Help Net Security.

Microsoft has rolled out an out-of-band update for Windows 11 users to address a frustrating interface bug affecting Bluetooth device visibility. Released on March 16, 2026, this emergency patch resolves a software glitch in which connected wireless peripherals mysteriously disappeared from the operating system’s settings menus. While Microsoft typically issues security and performance fixes on […]

The post New Windows 11 25H2/24H2 Update Fixes Bluetooth Devices Visibility Issues appeared first on Cyber Security News.

SailPoint has announced the launch of SailPoint Shadow AI Remediation, the latest component of its real-time AI governance and security framework. This solution enables organizations to discover, monitor, and secure the use of unauthorized AI tools, known as “shadow AI,” helping to mitigate the security and compliance risks associated with the rapid growth of artificial intelligence. As employees turn to AI platforms like ChatGPT, Claude, Gemini, and others to enhance productivity, they often do so … More →

The post SailPoint improves visibility and control over unauthorized AI use appeared first on Help Net Security.