Learning Path


This course will cover the creation of NERC, each CIP controlling family and best practices when working with auditors.

What you will learn

NERC CIP is a field designed to protect the bulk electric system. The focus of this NERC CIP learning path is on having a stronger concept of understanding and the skill sets to immediately implement and assist your organization. Through this, you will gain fundamental knowledge of NERC CIP standards, as well as access to an expert compliance analyst.

Wistia video thumbnail


Introduction to NERC CIP

Course — 00:41:37

In this learning path, we will explore the creation of NERC, the regional entities, key terms and a brief introduction to the CIP standards.

The CIP-002 standard

Course — 00:47:02

Explore best practices examples to correctly assess critical assets, as well as how to use this knowledge.

Cybersecurity personnel & training

Course — 00:36:09

In this course, we will learn about common system controls that can be utilized to meet requirements of CIP-004.

Electronic security perimeter

Course — 00:26:44

Explore the most common security practices that will give you an understanding of CIP-005 and how to remain compliant.

Cybersecurity physical security of BES cyber systems

Course — 00:39:03

Learn about operational and procedural controls to restrict physical access, unescorted access, monitoring and logging of access.

Cybersecurity system security management

Course — 00:38:05

Learn about the five additional security controls, ports and services, security patch management, malicious software prevention, security event monitoring and system access controls.

Cybersecurity incident reporting and response planning

Course — 00:30:53

Learn to mitigate the risk of your reliable operations by having a process to identify, classify and respond to a cybersecurity Incident.

Cybersecurity recovery plans for BES cyber systems

Course — 00:22:11

Learn of the common conditions for activation of a recovery plan and processes to mitigate the risk and recovering data.

Cybersecurity configuration change management and vulnerability assessments

Course — 00:45:10

In this learning path, we will focus on the requirements of CIP-010 and why good change management and TCA and RM programs are essential.

Cybersecurity information protection

Course — 00:18:03

Learn about proper ways to store and dispose of BES cyber system information with common security controls.

Security management controls

Course — 00:25:04

Learn the differences in requirements for CIP-003 from Medium to Low Impact and take a closer look at Low Impact requirements.

Cybersecurity supply chain risk management

Course — 00:14:41

CIP-013 is about supply chain risk management and what requirements are needed to be compliant. We will learn supply chain security risks and how to mitigate these risks.

Physical security (transmission stations and substations only)

Course — 00:19:08

This requirement helps your entity narrow down which locations would fall into scope.

Cybersecurity communications between control centers

Course — 00:11:47

In this learning path, we will learn about the mitigations that CIP-012 requires to protect data from unauthorized modifications.

Reliability standard audit worksheet (RSAW)

Course — 00:23:57

This learning path will go over what to expect on the RSAW, ERT and best practices when working with auditors.

Meet the author

Sean has eight years of experience as a project manager, CIP compliance analyst and risk management in the energy field.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every lnfosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

You're in good company


We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus


This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson


We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client