Internal Network Security Monitoring

By Jason Georgoulis
CIP Physical and Cyber Security Analyst

 

Project 2023-03, filed with the Federal Energy Regulatory Commission (FERC) on June 24, 2024, included the addition of a new Critical Infrastructure Protection (CIP) Standard, CIP-015-1. This Standard aims to enhance internal network security monitoring (INSM). On June 26, 2025, FERC conditionally approved CIP-015-1.

The purpose of CIP-015-1 is to improve the probability of detecting anomalous or unauthorized network activity to facilitate improved response and recovery from an attack. With this purpose in mind, the goal of INSM is to provide a detective control that assists in finding and responding to adversarial activity within the “trusted zones” of an organization’s network. CIP-015-1 will require registered entities to implement, using a risk-based rationale, network data feeds to monitor network activity as a means of detecting and evaluating anomalous network activity for further action.

Although FERC has conditionally approved CIP-015-1, it has also directed the North American Electric Reliability Corporation (NERC) to make modifications that expand the scope of the Standard to include Electronic Access Control and Monitoring Systems (EACMS) and Physical Access Control Systems (PACS) as applicable systems.

With the approval of CIP-015-1, registered entities are encouraged to visit the Project 2025-02 Project Page and review the latest Standard Authorization Request.