Author: Brandon Miller | janvier 5, 2026

On January 19, 2023, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) to develop new Critical Infrastructure Protection (CIP) Reliability Standards, resulting in the groundbreaking CIP-015 Internal Network Security Monitoring (INSM) requirement. This new standard, approved in 2025, shifts grid cybersecurity from perimeter-based defenses to active internal monitoring, enabling organizations to detect lateral movement, reconnaissance, and other adversarial activities inside trusted network zones. 

CIP-015 applies to approximately 400 U.S. registered entities and introduces new responsibilities for High- and Medium-impact Bulk Electric System (BES) Cyber Systems, Electronic Access Control or Monitoring Systems (EACMS) and Physical Access Control Systems (PACS). With enforcement beginning in phases through 2030, organizations must start building mature, defensible monitoring, evaluation, and data protection workflows. 

Download Our White Paper

 

What You’ll Learn

  • A clear breakdown of CIP-015 Requirements R1–R3
    • Internal monitoring expectations
    • Anomaly detection and evaluation processes
    • Data retention and protection obligations 
  • Operational implications for utilities
    • East-west visibility
    • Audit preparedness
    • Risk-based implementation strategies 
  • How to align INSM with cybersecurity frameworks
    • Including NIST SP 800-82 and ISA/IEC 62443 to strengthen maturity and traceability
  • Common pitfalls to avoid
    • These include over-relying on tools without building evaluation workflows, neglecting EACMS/PACS visibility, and misunderstanding retention requirements
  • TRC’s expert guidance
    • Practical insights rooted in real-world audit experience and technical implementation across OT and IT environments

This downloadable white paper helps utilities, operators and compliance leaders understand the scope of CIP-015, key requirements, pitfalls to avoid and strategies for developing an audit-ready INSM program. 

Related Services

View All Services

Download Our White Paper

Download the full white paper to prepare your organization for CIP-015 compliance and elevate your cybersecurity posture.

Download Now

TRC_White-Paper_NERC-CIP-015
Brandon-Miller-e1753806791315
Brandon Miller

Brandon is a cybersecurity and NERC CIP compliance professional with over a decade of experience, beginning with a military career focused on network security and evolving into supporting critical infrastructure. He later transitioned into the utility sector, where he held roles in SCADA/EMS administration and NERC CIP compliance, gaining deep, operational insight into the challenges faced by registered entities. Currently, he serves as a consultant helping electric utilities strengthen their cyber and physical security posture while working to meet ever changing regulatory requirements, with an emphasis on practical, audit-ready solutions grounded in real-world operations.