Training: NERC CIP Cyber Security Training


SANS has developed a training program designed for electric utility organizations subject to the NERC CIP Reliability Standards. The two-part program addresses the cyber security training and security awareness requirements in NERC CIP-004 as well as the security awareness requirement in NERC CIP-003.

CIP Cyber Security Training includes 13 CIP-specific modules designed to address the training requirements for personnel with access to High and Medium Impact BES Cyber Systems. The modules cover all of the cyber security training topics required by CIP-004 R2 including physical and cyber risks to networked systems, considerations for system interconnectivity and interoperability and how user actions can affect cyber security.

Your organization can customize the learning by adding direct links to your own security policies following each module. Included with each module is an optional online quiz that tests the student's comprehension of the covered material.

End User Security Awareness Training includes 24 security awareness modules that utilize a proven framework based on the CIS Critical Security Controls and are aimed at changing user behavior and reducing risk. These modules achieve the security awareness training requirements in CIP-004 R1 and in CIP-003.*

The CIP Training Program is designed to be hosted on your organization's own SCORM-compliant LMS or the SANS-hosted Advance Cyber Learning Platform (ACLP) and customers can choose to purchase one or both parts based on your individual need. If utilizing the ACLP, students can access their assigned training via any internet-enabled browser and student progress can be tracked via the ACLP's administration web interface.

All of the CBT training is U.S. Federal 508/ADA compliant.

Optional purchase: Each End User Security Awareness Training module has an associated newsletter, poster, and screensaver to help reinforce the CBT training. The support materials package is customized with your organization's name, logo, and security team contact information. It is delivered in electronic format ready for printing or distribution using other channels.

If your organization is interested in reviewing this training program, please visit us at:

* Low Impact BES Cyber System training requirements are contained in NERC CIP-003-5 R2.1 and CIP-003-6 R2.